![]() Despite the supposed vetting by Apple engineers, the researchers' apps were able to bypass sandboxing protections that are supposed to prevent one app from accessing the credentials, contacts, and other resources belonging to another app. The malicious proof-of-concept apps were approved by the Apple Store, which requires all qualifying submissions to treat every other app as untrusted. ![]() Researchers have uncovered huge holes in the application sandboxes protecting Apple's OS X and iOS operating systems, a discovery that allows them to create apps that pilfer iCloud, Gmail, and banking passwords and can also siphon data from 1Password, Evernote, and other apps. We have additional fixes in progress and are working with the researchers to investigate the claims in their paper." Update: Late Friday afternoon, Apple officials released the following statement: "Earlier this week we implemented a server-side app security update that secures app data and blocks apps with sandbox configuration issues from the Mac App Store.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |