This week a group of researchers published details of a zero-day vulnerability in iOS and OS X that affects most of the applications running on them. Representatives of Indiana University, the University of Beijing and the Georgia Institute of Technology published their findings in an article titled "Unauthorized Cross-App Resource Access on Mac OS X and iOS".
The article describes how a malicious app can be uploaded to the App Store and the Mac App Store, getting past the review process. Once installed, the app can access data held by the "Keychain Access" password manager, by other installed apps, and by the Google Chrome browser.
Apple has officially commented on the researchers' article, noting that it is preparing a fix for the issue.
“Earlier this week we installed a server-side security update that protects application data and blocks software with problems in the configuration of the sandbox. Together with experts we are preparing additional patches,” reads a company statement.
Apple was informed about the problem in October of last year, and the company said that closing the vulnerabilities would take six months. Eight months later, the vulnerabilities are still present in the latest versions of iOS and OS X.
Meanwhile, the Google Chromium team removed its browser's integration with Keychain, considering that the problem could not be solved at the software level. According to the researchers, 88% of the applications they tested are vulnerable to the attack.
The fix for the issue is expected in iOS 8.4 and OS X Yosemite 10.10.4, which are in the testing phase.