[SingCERT] Security Flaws in Apple OS X and iOS

Published on Tuesday, 23 June 2015 16:47

[ Background ]

Six university researchers have revealed four vulnerabilities affecting Apple OS X and iOS. These vulnerabilities could allow attackers to steal passwords and other credentials if successfully exploited.

The vulnerabilities are:

  1. Password stealing vulnerability
    Allows a malicious app to steal the credentials that the user has entered into the keychain when the user accesses the affected app.
  2. Container cracking
    Allows a malicious app to gain access to the secure container belonging to another app and steal data from it.
  3. IPC interception
    Allows a malicious app to claim the network port used by a legitimate application and intercept data intended for it, such as passwords or other sensitive information.
  4. Scheme hijacking
    Allows a malicious app to steal access tokens and passwords.

[ Affected Software ]

  • Apple OS X
  • Apple iOS

[ Impact ]

Passwords, authentication tokens and other sensitive and private information could be stolen if one of the vulnerabilities is successfully exploited.

[ Recommendations/Workarounds ]

Currently, no patches are available. Users are advised to adopt the following recommendations to reduce the chances of being exploited.

  • Do not download and install apps from unknown sources
  • Do not open suspicious links
