Zero-day exploit lets App Store malware steal OS X and iOS passwords

Security researchers have found major flaws in OS X and a single one in iOS that open the door to malware. The exploits allow malicious apps that have made their way into the App Store to bypass or ignore sandbox and other security protections to grab passwords from others apps’ keychain entries, steal data from other apps’ private data storage, hijack network ports, and masquerade as different apps to intercept certain communications.

Apple’s review process for the App Store—both for iOS and OS X—is supposed to prevent malware from entering its system. If that bulwark fails, the company relies on sandboxing, which prevents apps from accessing data and files other than that managed by the app, except through very tightly defined channels.

To read this article in full or to leave a comment, please click here