IOS and OS X have found a vulnerability in which passwords for iCloud · mail · browser saving are stolen, Apple has been shut down for over half a year

ByJudit Klein

Collaborative research teams across multiple countries point out that Apple's password storage system can be cracked using the zero day vulnerability present in Apple's iOS and OS X. Mac and iOS users have the risk of stealing iCloud's passwords stored on their devices and passwords stored in Google Chrome and others.

Apple CORED: Boffins reveal password-killer 0-days for iOS and OS X - The Register
http://www.theregister.co.uk/2015/06/17/apple_hosed_boffins_drop_0day_mac_ios_research_blitzkrieg/


[1505.06836] Unauthorized Cross-App Resource Access on MAC OS X and iOS
http://arxiv.org/abs/1505.06836

The root cause of this vulnerability is derived from defects in the authentication system between applications and between applications and OS. The research team analyzed OS X and iOS application code and measured whether information is properly protected. As a result of examining hundreds of applications, it appears that vulnerabilities exist in many influential applications.

If you exploit this bug, the place where information is encrypted when exchanging information such as password etc. between applications is usually called an attack "cross-app resource" which attacks the vulnerability of the application and decrypts the password Access attacks (XARA) "is possible.

ByDarwin figueroa

By cracking the "key chain service" which stores passwords and certificates of multiple applications within the terminal equipped with OS X and iOS, the attacker can also use the communication mechanism of OS X and iOS standard installed application It is possible to steal passwords stored in iCloud 's password, e - mail software, Google Chrome, etc. It is possible to steal information of applications including many personal information such as Evernote, Facebook, WeChat etc. If you exploit these bugs, about 88.6% of the applications being distributed for OS X and iOS will receive information There seems to be a possibility that it will be stolen.

You can see in the movie below how the key chain service is cracked and the password is visible.

Keychain attack demo: steal iCloud authentication token - YouTube


Luyi Xing heading the research reported these bugs to Apple in October 2014 and Apple responded that "I want you to wait 6 months before exposing the vulnerability", but after more than six months Even now, I heard that no contact from Apple.

When the research team contacted Google Chrome's development team, he said he got a response saying "It is highly likely that bugs will not be resolved at the application level." In addition, AgileBits offering Password management software 1 Password says "I examined the way to avoid attacks for 4 months, but I have not found it." Since this problem can not be easily solved, the research team creates code that detects attacks on OS X and protects vulnerable apps before being attacked.

According to The Register, a technology news site, this problem has not yet been resolved at the time of article creation and Apple has declined to comment.