Published on Tuesday, 23 June 2015 16:47
[ Background ]
Six university researchers have revealed four vulnerabilities affecting Apple OS X and iOS. These vulnerabilities could allow attackers to steal passwords and other credentials if successfully exploited.
The vulnerabilities are:
- Password stealing vulnerability
Allows a malicious app to steal the credentials that the user has entered in to the keychain when the user accesses the affected app.
- Container cracking
Allows a malicious app to gain access to the secure container belonging to another app and steal data from it.
- IPC interception
Allows a malicious app to claim the network port used by a legitimate application and intercept data intended for it, such as password or other sensitive information.
- Scheme hijacking
Allows a malicious app to steal access tokens and passwords.
[ Affected Software ]
[ Impact ]
Passwords, authentication tokens and other sensitive and private information could be stolen if one of the vulnerabilities is successfully exploited.
[ Recommendations/Workarounds ]
Currently, no patches are available. Users are advised to adopt the following recommendations to reduce the chances of being exploited.
- Do not download and install apps from unknown sources
- Do not open suspicious links
[ References ]