Sign InRegister 
Tech Board
ReturnBottom
Page 1
Page 1
Started By
Message

Apple Keychain users: Warning

Posted on 6/17/15 at 7:49 am
Posted by colorchangintiger
Dan Carlin
Member since Nov 2005
30979 posts
Back to top
Posted on 6/17/15 at 7:49 am
LINK

quote:
Six university researchers have revealed deadly zero-day flaws in Apple's iOS and OS X, claiming it is possible to crack Apple's keychain, break app sandboxes and bypass its App Store security checks so that attackers can steal passwords from any installed app including the native email client without being detected.


quote:
Quick summary of the keychain "crack":
Keychain items have access control lists, where they can whitelist applications, usually only themselves. If my banking app creates a keychain item, malware will not have access. But malware can delete and recreate keychain items, and add both itself and the banking app to the ACL. Next time the banking app needs credentials, it will ask me to reenter them, and then store them in the keychain item created by the malware.


It's a big deal, but not terrible. User has to install a malicious app from the app store for this to work.

Link to the paper

That they're referring to OS X as MAC OS and OS~X makes my head hurt.

ETA: "Rootless" in OS X El Cap and iOS 9 may alleviate this bug.
This post was edited on 6/17/15 at 7:51 am
Replyreplies1...
Posted by GFunk
Denham Springs
Member since Feb 2011
14966 posts
Back to top
Posted on 6/17/15 at 2:28 pm to colorchangintiger
With tight control over the app store for iOS, it this really a concern for iOS/iPhone/iPad users?
Replyreplies0...
Tech Board
Return To Board
Page 1
Return To Board
first pageprev pagePage 1 of 1Next pagelast page
refresh
Latest LSU News »
Updated College Baseball National Champion Odds
Preview & Pitching Rotation: LSU vs. Alabama This Weekend In Tuscaloosa
Olivia Dunne Reveals How She Found Out Her Boyfriend Paul Skenes Was Getting Called Up
PFF Ranks The Top Returning College Football Players At Every Position
Jayden Daniels Makes Deal With Washington Commanders Punter To Get No. 5
Sports Lite »
Tennis Influencer Rachel Stuhlmann Shows Off Her New Pickleball Paddle
Mom vs Son Drills In Pee-Wee Football Drills
Scott Van Pelt Took Clear Shot At Colin Cowherd Last Night
Dana White's Viral FedEx Delivery Video Leads To Driver's Firing
Luka Doncic Press Conference Interrupted By Audio Of Woman Moaning
Latest SEC Headlines »
Hugh Freeze Addresses Remaining Needs In The Transfer Portal
Watch: The Ending Of The Auburn-Georgia Softball Game In The SEC Tournament Was Crazy
Kirby Smart When Players Transfer: 'If We Lose You, That Is Okay. We Will Replace You"
Hugh Freeze Wasn't Comfortable Paying $1 Million For Quarterback
Kristen Saban Makes First Public Appearance Since Cheating Allegations
Popular
ESPN Graphic Shows LSU's Chances Of Getting Into The NCAA Tournament
Legendary S.I. Swimsuit Model Nina Agdal Returns For 60th Anniversary Issue
Kristen Saban Makes First Public Appearance Since Cheating Allegations
LSU Offers DT Jay'viar Suggs Out Of The Transfer Portal
Olivia Dunne Reveals How She Found Out Her Boyfriend Paul Skenes Was Getting Called Up

Back to top
logoFollow TigerDroppings for LSU Football News
Follow us on Twitter, Facebook and Instagram to get the latest updates on LSU Football and Recruiting.

FacebookTwitterInstagram
Back to top Sign In/Register
View in: Desktop
PrivacyAdvertisingContactTerms
Copyright @2024 TigerDroppings.com. All rights reserved.
Turn on Dark Mode