• Apple Acknowledges XARA Exploit, States Fixes are being Worked On



    Apple recently commented on the discovery of so-called cross-app resource access (XARA) exploits, saying that it rolled out a server-side security update and is working with researchers on additional fixes. In a recent statement provided to the folks over at iMore, Apple confirmed knowledge of XARA vulnerabilities and the potential exploits they enable through malicious software on OS X and iOS.

    An Apple spokesman said the following regarding the matter:

    Earlier this week we implemented a server-side app security update that secures app data and blocks apps with sandbox configuration issues from the Mac App Store. We have additional fixes in progress and are working with the researchers to investigate the claims in their paper.

    The vulnerabilities were discovered last year by a team of researchers from Indiana University, Georgia Tech and China's Peking University, who informed Apple of their findings last October. Around the same time, Apple requested that details of the exploits be withheld from publication for six months. The group's research paper, which was published last week, explained that malicious apps take advantage of flaws in the way OS X and iOS move and store inter-app data. On OS X, malware downloaded from the App Store is able to access and modify the Keychain database and Bundle IDs, the latter of which are used as a form of access control. The other attacks involved WebSockets and URL schemes.

    Although the threat is a serious one, the folks over at iMore say that some news outlets may have overhyped the danger the exploit poses to users. To fix the issue, both Apple and developers need to rework their data handling methods with more stringent protocols. We're still waiting on Apple to release additional fixes for the issue.

    Source: XARA Research Paper (Google Doc) via iMore
    This article was originally published in forum thread: Apple Acknowledges XARA Exploit, States Fixes are being Worked On started by Akshay Masand
    2 Comments
      jjeromejr -
      Apple is becoming worse than Microsoft with all the exploits and patching of their software.
      Ambi_Valence -
      Originally posted by jjeromejr:
      "Apple is becoming worse than Microsoft with all the exploits and patching of their software."
      Worse, not sure about that. It's to be expected surely?
      What matters is how they react.