- My Forums
- Tiger Rant
- LSU Recruiting
- SEC Rant
- Saints Talk
- Pelicans Talk
- More Sports Board
- Fantasy Sports
- Golf Board
- Soccer Board
- O-T Lounge
- Tech Board
- Home/Garden Board
- Outdoor Board
- Health/Fitness Board
- Movie/TV Board
- Book Board
- Music Board
- Political Talk
- Money Talk
- Fark Board
- Gaming Board
- Travel Board
- Food/Drink Board
- Ticket Exchange
- TD Help Board
Customize My Forums- View All Forums
- Show Left Links
- Topic Sort Options
- Trending Topics
- Recent Topics
- Active Topics
Started By
Message
Apple Keychain users: Warning
Posted on 6/17/15 at 7:49 am
Posted on 6/17/15 at 7:49 am
LINK
It's a big deal, but not terrible. User has to install a malicious app from the app store for this to work.
Link to the paper
That they're referring to OS X as MAC OS and OS~X makes my head hurt.
ETA: "Rootless" in OS X El Cap and iOS 9 may alleviate this bug.
quote:
Six university researchers have revealed deadly zero-day flaws in Apple's iOS and OS X, claiming it is possible to crack Apple's keychain, break app sandboxes and bypass its App Store security checks so that attackers can steal passwords from any installed app including the native email client without being detected.
quote:
Quick summary of the keychain "crack":
Keychain items have access control lists, where they can whitelist applications, usually only themselves. If my banking app creates a keychain item, malware will not have access. But malware can delete and recreate keychain items, and add both itself and the banking app to the ACL. Next time the banking app needs credentials, it will ask me to reenter them, and then store them in the keychain item created by the malware.
It's a big deal, but not terrible. User has to install a malicious app from the app store for this to work.
Link to the paper
That they're referring to OS X as MAC OS and OS~X makes my head hurt.
ETA: "Rootless" in OS X El Cap and iOS 9 may alleviate this bug.
This post was edited on 6/17/15 at 7:51 am
Posted on 6/17/15 at 2:28 pm to colorchangintiger
With tight control over the app store for iOS, it this really a concern for iOS/iPhone/iPad users?
Popular
Back to top
Follow TigerDroppings for LSU Football News