It seems to be one of those weeks, as security scares are picked up everywhere. We’ve seen one in a piece of keyboard software preinstalled on Samsung phones, in the way two-factor authentication works for retrieving passwords from services like Google, and now it’s Apple’s turn to see what sort of fun and havoc can occur on its devices.
This week, six researchers at the University of Indiana in the US found something rather interesting, revealing flaws in Mac OS X and iOS that could allow cybercriminals to pinch passwords from computers, smartphones, and tablets.
According to the research, the apps delivered through both the Mac App Store on Mac OS X and the App Store on the iPhone and iPad have vulnerabilities that could allow malicious apps to access your passwords in the storage system Apple calls the “Keychain”.
The team found other issues that allow apps to gain access to other apps and potentially take information from them. Another security issue shows that a malicious application, if installed and targeting the right information, could take over commands sent from a browser to another app, such as a link from a web browser to open a mail client.
The research highlights what can happen. We’ve yet to see any of this happening in the real world, and someone would have to install malware taking advantage of these flaws for it to happen, at least until Apple patches the problems.
Unfortunately, if this research does end up becoming real and being programmed into apps entering either the Mac App Store or iOS App Store, it could end up producing problems for customers, not so dissimilar from the malware issues of other operating systems.
One solution, however, might be as simple as having a form of internet security on the computer.
“Mac users have always depended heavily on the fact that there is little malware for the platform, and are generally complacent about security. This is not because there aren’t security issues but because the bad guys have traditionally focused on platforms with bigger and wider adoption,” said Nick Savvides, one of the security experts at Symantec.
“That’s changed, [and] the bad guys are after Mac users as well now, and using new vulnerabilities to exploit these systems. We’ve seen security researchers putting Mac and iOS under the spotlight because of their newfound popularity, so the bad guys quickly follow.”
According to Symantec’s report, the issues have been reported to Apple, with the company intent on fixing them, and given how quickly the company generally jumps on bug fixes, the fixes probably aren’t too far away.
Until then, however, it might be wise to keep a form of internet security on your Mac and only install apps from either app store — mobile or desktop — that you’ve heard reputable things about, at least until this is patched up.