New zero day vulnerabilities XARA affecting Apple OSX and iOS

Six university researchers from Indiana University have revealed four vulnerabilities affecting Apple OS X and iOS. Dubbed as XARA for “cross-app resource attacks”, the in depth report can be found in a whitepaper released on Wednesday. 

These vulnerabilities claim to crack Apple’s password-storing keychain, break app sandboxes, and bypass App Store security checks. If successfully exploited, they could allow attackers to steal passwords, authentication tokens and other credentials from users.

The vulnerabilities can be summarized as:

1. Password stealing vulnerability

 

Allows a malicious app to steal the credentials that the user has entered in to the keychain when the user accesses the affected app.

2. Container Cracking

Allows a malicious app to gain access to the secure container belonging to another app and steal data from it.

3. IPC Interception

Allows a malicious app to claim the network port used by a legitimate application and intercept data intended for it, such as password or other sensitive information.

 

4. Scheme Hijacking

Allows a malicious app to steal access tokens and passwords.

As of now no updates are available from the vendor. As a preventive measure, users are advised to avoid clicking unsolicited links and installing apps from unknown sources.
It is advisable to perform through vulnerability assessment and penetration testing exercises periodically on your websites to ensure you are safe from such threats.
0 0 vote
Article Rating

Related posts

Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments