New Bugs Found In Apple’s iOS and Mac Operating Systems Could Result In Stolen Passwords
Researchers from the University of Indiana discovered a bug in Apple’s operating system that could allow cybercriminals new ways to use apps to hijack passwords.
Apps that you install on your computer or phone through Apple’s Mac App Store and the iOS App Store stay in a secure container on your device or computer that’s known as a “sandbox”, so they can’t access any of your private information. However, some apps need access to things like your location (for an app that helps you with navigation, for example), and, for that kind of access, the app usually needs to ask for your permission to do so. These University of Indiana researchers discovered a few ways that apps could get access to certain information (like your Keychain, which stores your passwords) without asking for permission first. If these methods are used by cybercriminals, it could allow them to steal users’ login information for all of their websites.
For now, nobody has seen these flaws exploited in this way, but researchers at Symantec believe that, now that this bug has been exposed, it’s only a matter of time before cybercriminals start using it.
Slipping Through The Cracks In Apple’s Gateway
Apple’s security within its App markets is pretty tight, and it does a great job of keeping malicious apps from being distributed; however, when researchers created a malicious app to test the security of the Mac App Store, the app was allowed to go live briefly before Apple’s security pulled it down.
So…how do you stay safe?
- Mac OSX and iOS users should apply any security updates issued by Apple as soon as they become available.
- Use your “spidey senses” when installing new software. Better yet, stick to installing apps from vendors you know and trust.
- Make sure that you have updated security software, which will make it much harder for criminals to use exploits to deliver malware onto your computer or device. No security software? Check out Norton Security for proactive, real-time protection on any device.
- Consider using a free password manager, like Norton Identity Safe, to store your passwords, instead of saving them directly to your computer.