Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Zero-day exploit lets App Store malware steal OS X and iOS passwords

Glenn Fleishman | June 18, 2015
Researchers have discovered an exploit that lets OS X and iOS malware in the App Store steal passwords and app data, as well as hijack session tokens.

His colleague, PhD candidate Luyi Xing, noted that "Apple should do something to enforce scheme management" as well. However, Xing said that it boils down to being a design problem, rather than an app implementation issue. That will require some deep rethink at Apple, and put some burden on developers as new authentication and registration procedures make their way into App Store requirements.

Because the flaws can only be exploited by apps that make it into the App Store, that provides a firewall for now.

 

Previous Page  1  2  3  4 

Sign up for CIO Asia eNewsletters.