Six university researchers found deadly zero-day security flaws in Apple’s iOS mobile platform and its OS X desktop operating system. This iphone Security flaw was seemingly acknowledged by Apple. According to Researchers iOS and OS X allow a malicious app to steal passwords from Apple’s Keychain, as well as both Apple and third-party apps.
The Indiana University’s boffins Xing told The Register‘s security desk -
“Recently we discovered a set of surprising security vulnerabilities in Apple’s Mac OS and iOS that allows a malicious app to gain unauthorised access to other apps’ sensitive data such as passwords and tokens for iCloud, Mail app and all web passwords stored by Google Chrome,”
Our malicious apps successfully went through Apple’s vetting process and was published on Apple’s Mac app store and iOS app store.
“We completely cracked the keychain service – used to store passwords and other credentials for different Apple apps – and sandbox containers on OS X, and also identified new weaknesses within the inter-app communication mechanisms on OS X and iOS which can be used to steal confidential data from Evernote, Facebook and other high-profile apps.”
Researchers say they reported the flaws to Apple in October 2014 to give the company time to get rid of this flaw prior to making it public. According to the team, Apple acknowledged the severity of the flaw, but it remains present in the current released versions of both iOS and OS X.
How to Remove Security Risk -
Till now Apple has not given any updates to its iOS or OsX to remove this security risk.So for now , best advice for users is to be very cautious when you are downloading any app from unknown developers, even when you are downloading it from iOS and Mac app stores. The best practice is to never allow either of your browser or any apps to store your sensitive login password.