New Research Reveals Serious Security Flaws in iOS And OS X… And Apple Has Had 6 Months To Fix Them

MacRumors has posted research from a team at Indiana University who have discovered a very serious security issue with iOS and OS X:

A team of six researchers from Indiana University, Georgia Tech and Peking University have published an in-depth report exposing a series of security vulnerabilities that enable sandboxed malicious apps, approved on the App Store, to gain unauthorized access to sensitive data stored in other apps, including iCloud passwords and authentication tokens, Google Chrome saved web passwords and more.

Oh joy. So much for Apple products being secure. If I were you, I’d take the time to not only read the article but to watch the YouTube videos in the article. It’s detailed and a bit technical, but it will open your eyes. So will this:

Lead researcher Luyi Xing told The Register that he reported the security flaws to Apple in October 2014 and complied with the iPhone maker’s request to withhold publishing the information for six months, but has not heard back from the company since and is now exposing the zero-day vulnerabilities to the public. The flaws affect thousands of OS X apps and hundreds of iOS apps and can now be weaponized by attackers.

What is with companies not addressing security flaws like these in a timely manner? I say that because just yesterday Samsung was accused of not acting quickly to address a serious security issue. I say that if companies don’t want to do this as a part of their normal business practices, perhaps legislation or lawsuits might be the way to go?
