Business

News

 
More...

Alerts

 
More...

Events

 
More...
 
     
 

Security Flaws in Apple OS X and iOS

 

Systems Affected


Apple OS X
Apple iOS

Threat Level


Medium


Overview


Six university researchers have revealed four vulnerabilities affecting Apple OS X and iOS. These vulnerabilities could allow attackers to steal passwords and other credentials if successfully exploited.


Description


The vulnerabilities are:

1.Password stealing vulnerability
Allows a malicious app to steal the credentials that the user has entered in to the keychain when the user accesses the affected app.

2.Container cracking
Allows a malicious app to gain access to the secure container belonging to another app and steal data from it.

3.IPC interception
Allows a malicious app to claim the network port used by a legitimate application and intercept data intended for it, such as password or other sensitive information.

4.Scheme hijacking
Allows a malicious app to steal access tokens and passwords.


Impact


Passwords, authentication tokens and other sensitive and private information could be stolen if one of the vulnerabilities is successfully exploited.


Solution/ Workarounds


Currently, no patches are available. Users are advised to adopt the following recommendations to reduce the chances of being exploited.
Do not download and install apps from unknown sources
Do not open suspicious links


References


https://drive.google.com/file/d/0BxxXk1d3yyuZOFlsdkNMSGswSGs/view?pli=1
http://www.imore.com/depth-look-ios-os-x-xara-vulnerabilities
http://www.imore.com/xara-exploits-mac-iphone-and-ipad-and-what-you-need-know
http://www.theregister.co.uk/2015/06/17/apple_hosed_boffins_drop_0day_mac_ios_research_blitzkrieg/


Disclaimer


The information provided herein is on "as is" basis, without warranty of any kind.


 
     

© Copyright Sri Lanka CERT|CC. All Rights Reserved.