Report: Mac OS X and iOS security flaws allow for password theft

A group of researchers from universities including the Georgia Institute of Technology have found that Apple’s iOS and OS X have significant zero-day security flaws. Lead Researcher Luyi Xing and his colleagues detailed the holes in their report, “Unauthorized Cross-App Resource Access on MAC OS and iOS.” The flaws, which started making headlines on June 17, permit malicious apps to snag passwords from Apple’s Keychain and third-party apps, according to 9to5mac.

To conduct their research, the authors of the report uploaded malware to Apple’s App Store. In the process, they did not trigger alerts signifying that their app could steal passwords for services, including Mail and iCloud.

“Running it on hundreds of binaries, we confirmed the pervasiveness of the weaknesses among high-impact Apple apps,” the authors wrote in their report.

Xing says that his team reported the flaws to Apple in October 2014. Afterward, he complied with the company’s request to withhold the release of his report for six months, according to The Register. Thus far, Apple has not been immediately available for comment. However, the research team suspects that the security flaws are still present.

“We built end-to-end attacks on several high-impact apps (e.g., Facebook, Pinterest, etc.), identified the impacts of the threat over a thousand apps, and more importantly demonstrate that the attacks can be made stealthy (through different man-in-the-middle tricks on MAC OS and iOS, passing the stolen token to the victim app, to completely conceal the attack), which is nontrivial,” the report continues.

Thus far, much of the researchers’ work has been focused on Android security. This is one of the first reports that has been based on Apple’s security vulnerabilities. Xing and his team say that most of the problems stem from Apple’s cross-app resource sharing and communication methods.

Researchers concluded that approximately 90 percent of Mac and iOS apps were “completely exposed,” giving malware full access to sensitive data.


New ‘Battlefield V’ patch gives Nvidia’s ray tracing support a chance to shine

‘Battlefield V’ is the first game to use Nvidia’s ray tracing support, now available with the RTX 2080 and 2080 Ti graphics cards. The feature can, in an ideal scenario, make the game look better, but the performance hit may not be…

Edit, sign, append, and save with six of the best PDF editors

There are plenty of PDF editors to be had online, and though the selection is robust, finding a solid solution with the tools you need can be tough. Here, we've rounded up best PDF editors, so you can edit no matter your budget or OS.

Best free parental control software for PC, Mac, iOS, and Android

The internet can be a dangerous place, especially for your loved ones. Check out our selection of the best free parental control software for Windows and Mac OS X, so you can monitor your child and block unsavory sites.

415,000 routers worldwide reportedly infected with cryptojacking malware

Even though there is a fix ready to prevent the threat of a cryptojacking malware discovered in Brazil earlier this year, the rapid growth of infection caused by the malware shows that not many users have installed the patch.

Changing file associations in Windows 10 is quick and easy with these steps

Learning how to change file associations can make editing certain file types much quicker than manually selecting your preferred application every time you open them. Just follow these short steps and you'll be on your way in no time.

Intel's dedicated GPU is not far off -- here's what we know

Did you hear? Intel is working on a dedicated graphics card. It's called Arctic Sound and though we don't know a lot about it, we know that Intel has some ex-AMD Radeon graphics engineers developing it.

How to easily record your laptop screen with apps you already have

Learning how to record your computer screen shouldn't be a challenge. Lucky for you, our comprehensive guide lays out how to do so using a host of methods, including both free and premium utilities, in both MacOS and Windows 10.

From beautiful to downright weird, check out these great dual monitor wallpapers

Multitasking with two monitors doesn't necessarily mean you need to split your screens with two separate wallpapers. From beautiful to downright weird, here are our top sites for finding the best dual monitor wallpapers for you.

Capture screenshots with print screen and a few alternative methods

Capturing a screenshot of your desktop is easier than you might think, and it's the kind of thing you'll probably need to know. Here's how to perform the important function in just a few, easy steps.

These cheap laptops will make you wonder why anyone spends more

Looking for a budget notebook for school, work, or play? The best budget laptops, including our top pick -- the Asus ZenBook UX331UA -- will get the job done without digging too deeply into your pockets.

Vanquish lag for good with the best routers for gaming

Finding the best routers for gaming is no easy task. With so many out there, how do you know which to pick? We've looked at the many options available and put together a list of our lag-free favorites.

Stop your PC's vow of silence with these tips on how to fix audio problems

Sound problems got you down? Don't worry, with a few tweaks and tricks we'll get your sound card functioning as it should, and you listening to your favorite tunes and in-game audio in no time.
Product Review

It's not the sharpest tool, but the Surface Go does it all for $400

Microsoft has launched the $400 Surface Go to take on both the iPad and Chromebooks, all without compromising its core focus on productivity. Does it work as both a tablet and a PC?

These Raspberry Pi 3 bundles will cover everyone, from coders to gamers

The Raspberry Pi 3 is a low-budget computing platform capable of doing just about anything. We rounded up a handful of the best Raspberry Pi 3 bundles to get you started on a variety of DIY projects.