![]() ![]() "The consequences are dire," they wrote in a research paper titled Unauthorized Cross-App Resource Access on MAC OS X and iOS. ![]() The success of the researchers' cross-app resource access-or XARA-attacks, raises troubling doubts about those assurances on the widely used Apple platforms. Like Linux, Android, Windows, and most other mainstream OSes, OS X and iOS strictly limit app access for the purpose of protecting them against malware. Despite the supposed vetting by Apple engineers, the researchers' apps were able to bypass sandboxing protections that are supposed to prevent one app from accessing the credentials, contacts, and other resources belonging to another app. The malicious proof-of-concept apps were approved by the Apple Store, which requires all qualifying submissions to treat every other app as untrusted. ![]() Researchers have uncovered huge holes in the application sandboxes protecting Apple's OS X and iOS operating systems, a discovery that allows them to create apps that pilfer iCloud, Gmail, and banking passwords and can also siphon data from 1Password, Evernote, and other apps. We have additional fixes in progress and are working with the researchers to investigate the claims in their paper." Update: Late Friday afternoon, Apple officials released the following statement: "Earlier this week we implemented a server-side app security update that secures app data and blocks apps with sandbox configuration issues from the Mac App Store. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |