Much to the dismay of Apple Inc. (NASDAQ:AAPL) users everywhere, three weaknesses in cross-app resource sharing were discovered by a research team from Georgia Tech, Indiana University, and Peking University in China. The flaws were not only found to exist on both Apple’s mobile and desktop platforms, but were actually used to effectively steal data including passwords and authentication keys. This could be devastating in the hands of hackers and other security threats.
The vulnerabilities found by the team include flaws found in OS X’s app containers, Keychain’s list of access controls, and other URL structures which allow for app communication. After being alerted to these bugs in October of 2014, the company was granted a 6 month extension.
The bugs found in “Keychain” come from a failure to confirm that apps are allowed to modify entries. If a hacker were to utilize the bug, he could create a bad app which can produce entries before the genuine app can. This will give the bad app complete access to the full content of the genuine app; he could also simply delete the app altogether.
To test just how dangerous the vulnerabilities were to users, the research team created a video showing them removing the Keychain entry on a user’s iCloud account, and generating a new, bad app. They were also able to effectively gain access to the hidden iCloud token in System Preferences. The team also conducted a similar experiment with successful results by accessing passwords kept in a Google Chrome browser.
The second weakness found by the research team resides in Apple’s in OS X’s app containers. These containers were created to prohibit the Mac App Store applications unable to gain access to other applications without permission.
Apple administers this prohibition giving a Bundle ID to each app a Bundle ID to assure uniqueness. However, Apple does not check uniqueness on helper applications such as “1Password Mini.” If a hacker were to create a false helper application with the exact same Bundle ID as an real application, he would again be able to gain access to the true app’s containers.
The third major flaw found involves URL schemes. The team was able to hijack URLs of legitimate applications and extract all data which was circulated amongst them
These bugs are still not fixed in the most recent pre-release versions of OS X Yosemite, although they have yet to be tested against OS X El Capitan. The researchers were also able to get evidence of these conceptual applications into the iOS and Mac App stores, where, during the approval process, the malware was never discovered.
How Apple plans to alleviate these extortions looking ahead is still unclear, because fixing these weaknesses would require major architectural modifications to the way OS X and iOS interact with applications.
For now, it is recommended that users follow typical security precautions. Users should never install applications from unfamiliar sources, and should be aware of anything suspicious regarding password prompts.
Don’t be too late to the party – Click Here to see what 4500 Wall Street Analysts say about your stocks.