"Xara" might sound like a cool name for an exploit, but according to researchers at three different US universities, it's one that should cause some alarm. At its root, if Xara is properly exploited, attackers would be able to procure passwords stored in OS X's Keychain, which could be used for most or all of someone's applications.

Specific details are not covered, but it seems that if an app that takes advantage of this exploit is installed on OS X, it can take control of the stored passwords and other information that might be present (e.g., the login username itself). Examples given are hijacking the passwords in Google Chrome, Evernote, WeChat, Facebook, and iCloud. The researchers were successful in exploiting this vulnerability, noting that they were able to hijack both Facebook and iCloud passwords.

The ultimate problem is that OS X doesn't verify which application owns which credential set in Keychain, and likewise, there's no mechanism in place to check if saving a credential to another app's keychain is suspicious.

This all sounds horrible, but there is an upside. In order for this exploit to actually gain anything useful, those passwords would have had to have been stored after another application was installed that triggered the exploit. That means that it's highly unlikely that many people (or anyone at all) have fallen prey to this exploit yet, but this is still a major bug that Apple will want to waste little time in patching up.

With iOS 8.4 released today, it would be unusual for Apple to leave OS X behind. Since iOS 8.4 is the final version of iOS 8, OS X Yosemite has met a similar fate. Yes! The final version of OS X Yosemite, 10.10.4, has been released, and it brings with it a boatload of bug fixes and several enhancements. It is now officially available on the Mac App Store; download your copy immediately.