Both your iPhone and Mac have a big fat security flaw that will allow hackers to to steal passwords, including bank login information. Despite knowing that this problem has existed since October 2014, Apple has yet to address the problem. This news comes just one day after it was revealed Samsung’s Galaxy devices had a gaping security hole in its keyboard app.
Researchers from Indiana University and the Georgia Institute of Technology claim that the weakness lies in the ability to easily hack Apple’s Keychain service which stores all of your passwords on your iPhone, Mac, or iPad. The team allegedly reported this issue to Apple back in October (2014), where the company said they understood the seriousness of the problem. Apple asked the researchers to give them six months to address the problem before they went public.
Now, it’s eight months later and the flaws are still in the latest versions of iOS and Mac OS X.
The scariest thing about this news is how the research team compromised their test devices. The team was able to upload malware filled apps that exploited the security flaws to both the iOS App Store and Mac App Store. The apps were approved even after they went through Apple’s screening process.
Numerous apps for both iOS and Mac were tested for the exploit, and it was discovered that almost 90 percent of them were “completely exposed,” which allowed full access to any and all data within the apps. Although it hasn’t been confirmed, it’s believed that to obtain login details, the malware forces users to log into apps manually where it can capture the information.
Until Apple fixes the problem, security experts recommend using extreme caution when downloading new apps from unknown developers, even if they are in the iOS and Mac App stores. You should also be careful when you are prompted to manually login to apps that usually log you in automatically.