[MacTUG] FW: [Sec-wg] of possible interest: Apple iOS & OSx zero day exploit
Jim Johnston
jjohnston at uwaterloo.ca
Thu Jun 18 09:41:14 EDT 2015
For those MacTUG folks who are not on the sec-wg...
-----Original Message-----
From: sec-wg-bounces at lists.uwaterloo.ca [mailto:sec-wg-bounces at lists.uwaterloo.ca] On Behalf Of pmatlock at uwaterloo.ca
Sent: Wednesday, June 17, 2015 22:28
To: sec-wg at lists.uwaterloo.ca
Subject: [Sec-wg] of possible interest: Apple iOS & OSx zero day exploit
<Six university researchers have revealed deadly zero-day flaws in Apple's iOS and OS X, claiming it is possible to crack Apple's password-storing keychain, break app sandboxes, and bypass its App Store security checks.
Attackers can exploit these bugs to steal passwords from installed apps, including the native email client, without being detected.
The team was able to upload malware to Apple's app stores, and passed the vetting processes without triggering any alarms. That malware, when installed on a victim's Mac, raided the keychain to steal passwords for services including iCloud and the Mail app, and all those stored within Google Chrome>
http://www.theregister.co.uk/2015/06/17/apple_hosed_boffins_drop_0day_mac_ios_research_blitzkrieg/
--
Patrick Matlock
pmatlock at uwaterloo dot ca | ASc., BSc.(Math & CS), BA, BA,
MCSE, PMcert
IST-Information Security Services | 1-519-888-4567 x38378 University of Waterloo Waterloo, Ontario ===============================================================================
To obtain my UW GPG public key:
http://pgp.mit.edu:11371/pks/lookup?search=pmatlock&op=index
_______________________________________________
Sec-wg mailing list
Sec-wg at lists.uwaterloo.ca
https://lists.uwaterloo.ca/mailman/listinfo/sec-wg
More information about the MacTUG
mailing list