Bad news for users who have an Apple device. Security Investigators of the Indiana University and the Georgia Institute of Technology have discovered a major security flaw in iOS and OS X that allows a malicious user to steal passwords stored in the iCloud Keychain, among others.
The team of researchers informed Apple of this security breach last October. At that moment, Apple recognized the seriousness of the problem and asked investigators for at least six months to address the issue before they published the information on that ruling. Last February, Apple requested more information from the team that discovered the bug, but the problem has not been resolved in the latest releases of the operating systems of the bitten apple.
Security experts managed to upload malware capable of exploiting certain vulnerabilities of iOS and OS X to both the Mac App Store and the App Store. The compromised applications were approved by Apple on both platforms despite being informed of the problem. The team also said they had tested the exploit with different Mac and iOS applications, providing worrying data: almost 90% of applications are vulnerable to security breach, allowing full access to data stored in applications, including login.
Malicious code cannot directly access the iCloud keychain. What a malicious user should do is deceive us and have us put our credentials in a fraudulent window. This is known as phishing.
The bug is also present in third-party applications such as 1Password, who states that there is no way to protect against this exploit. Google also states that it is impossible to protect yourself, so, as a precautionary measure, you removed the keychain included in Chrome for OS X.
The only way to combat this problem right now is to download only applications from known developers, even if we download them from official stores. In other words, do not install new developer applications to test them, which also does not sound good.
Now that it has been published, Apple should put the batteries. The road will not be easy and important things will have to be changed in both iOS and OS X, but they could take advantage that they will launch new operating systems to make the necessary changes. Be that as it may, it is worrying and a company like Apple that protects our privacy so much can't afford to have such a big security flaw.
The best accessories for your iPhone
Are you looking for a new case for your iPhone? An accessory for the Apple Watch? Maybe a Bluetooth speaker? Do not miss these offers on accessories and get the most out of Apple's mobile: