Friday, 19 June 2015

iOS Security Flaw Lets Hackers Steal Passwords: Warning | BGR

The researchers acknowledge that the real vulnerabilities here affect OS X but that iOS does not get off scot-free.

IBTimes United Kingdom has contacted Apple and is waiting for a response.

“Samsung has the capability to update the security policy of the phones, over-the-air, to invalidate any potential vulnerabilities caused by this issue,” it said in a statement.

About 88.6 per cent of 200 iOS and 1,612 OS X apps were declared to be “completely exposed” to unauthorized cross-app resource access (XARA) attacks, which enable malicious apps to access otherwise secure data.

The flaw was revealed in an academic paper released by researchers from Indiana University, Peking University and the Georgia Institute of Technology, and discussed on The Register.

While the flaw is cross-platform, the researchers said that it is particularly effective against Apple services.

According to The Register, Google was more responsive to the security loophole, as the Chromium security team removed Keynote integration for Chrome. In February, Cupertino requested an advance copy of the paper, but the flaws remain present in the latest shipping versions of both operating systems.

To prove that a hacker could pull off the attack, the research team sneaked a malicious app capable of stealing passwords into Apple’s heavily guarded App Store. The flaws also allow attackers to bypass the App Store security checks.

“Even though iOS drops many useful functionalities of OS X (e.g. keychain’s access control list for sharing passwords or tokens across apps) and are therefore less vulnerable, it is still not immune to the threat”. The flaws could be exploited by malware to steal data and passwords, for example, by cracking the built-in Keychain password manager in OS X. By creating a malicious helper app with the same Bundle ID as an existing app, malicious apps can gain access to the legitimate app’s containers.

A race condition is created if a malicious app creates a login cookie and grants another application permission to access that Keychain item.

The problem boils down to there being no way to verify which app owns a credential in Keychain, and the operating system doesn’t check whether saving a credential to another app’s keychain is suspicious. Data stored in third-party apps like Facebook may also be vulnerable via the communications flaw.

While the paper indicates that the vulnerability will be hard to patch up, researchers were able to develop a simple tool that can detect exploit attempts, though it’s not clear if it is publicly available. “Oftentimes, Apple thinks that the developer should do that but fails to make it clear to the developer”, he said in an email exchange with Dark Reading. OS X doesn’t check if apps are entitled to use specific URL schemes.
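Because the operating system does not arbitrate who may claim a URL scheme or a Bundle ID, a defender can audit for collisions instead. The following is an added example, not the researchers' detection tool: it parses `Info.plist` data and reports URL schemes claimed by more than one bundle and Bundle IDs that appear at more than one path. The sample bundles, paths and identifiers are constructed for illustration.

```python
import plistlib
from collections import defaultdict

def parse_bundle(raw):
    """Return (bundle_id, url_schemes) from raw Info.plist bytes."""
    info = plistlib.loads(raw)
    schemes = set()
    for url_type in info.get("CFBundleURLTypes", []):
        for scheme in url_type.get("CFBundleURLSchemes", []):
            schemes.add(scheme.lower())  # URL schemes are case-insensitive
    return info.get("CFBundleIdentifier", ""), schemes

def find_collisions(plists):
    """plists: iterable of (path, raw_bytes).
    Returns (scheme -> claiming bundle IDs, bundle ID -> paths) for clashes only."""
    by_scheme, by_id = defaultdict(set), defaultdict(set)
    for path, raw in plists:
        bundle_id, schemes = parse_bundle(raw)
        by_id[bundle_id].add(path)
        for scheme in schemes:
            by_scheme[scheme].add(bundle_id)
    scheme_clashes = {s: sorted(ids) for s, ids in by_scheme.items() if len(ids) > 1}
    id_clashes = {b: sorted(p) for b, p in by_id.items() if b and len(p) > 1}
    return scheme_clashes, id_clashes

def _plist(bundle_id, schemes=()):
    """Build a constructed Info.plist for the sample inventory below."""
    info = {"CFBundleIdentifier": bundle_id}
    if schemes:
        info["CFBundleURLTypes"] = [{"CFBundleURLSchemes": list(schemes)}]
    return plistlib.dumps(info)

# Constructed sample inventory (hypothetical apps, not real products).
SAMPLE = [
    ("/Applications/Vault.app/Contents/Info.plist",
     _plist("com.example.vault", ["vault"])),
    ("/Applications/Notes.app/Contents/Info.plist",
     _plist("com.example.notes", ["notes", "VAULT"])),
    ("/Applications/Vault.app/Contents/Library/LoginItems/Helper.app/Contents/Info.plist",
     _plist("com.example.vault.helper")),
    ("/Applications/Game.app/Contents/XPCServices/Helper.xpc/Contents/Info.plist",
     _plist("com.example.vault.helper")),
]

if __name__ == "__main__":
    scheme_clashes, id_clashes = find_collisions(SAMPLE)
    for scheme, ids in scheme_clashes.items():
        print(f"URL scheme '{scheme}' claimed by: {', '.join(ids)}")
    for bundle_id, paths in id_clashes.items():
        print(f"Bundle ID '{bundle_id}' found at {len(paths)} paths")
```

A clash is a prompt for review rather than proof of compromise, since several legitimate apps can register the same scheme.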

But with the XARA revelations, it’s clear that with enough know-how – and with the unwitting help of the App Store – my passwords could still be monitored going from 1Password into my web browser, or data could be taken directly from my OS X keychain.

However, the researchers are working with Apple in trying to address the issues, he says.

View the original content and more from this author here: http://ift.tt/1GmK0K4

 


