Security researchers have found major flaws in OS X and a single one in iOS that open the door to malware. The exploits allow malicious apps that have made their way into the App Store to bypass or ignore sandbox and other security protections to grab passwords from other apps’ keychain entries, steal data from other apps’ private data storage, hijack network ports, and masquerade as different apps to intercept certain communications.
Apple’s review process for the App Store—both for iOS and OS X—is supposed to prevent malware from entering its system. If that bulwark fails, the company relies on sandboxing, which prevents apps from accessing data and files other than those managed by the app itself, except through very tightly defined channels.
Four paths to crack
The paper outlines four separate points of weakness:
- Password theft via the system-wide keychain.
- Container cracking between apps, where one app can retrieve the contents of another sandboxed app’s ostensibly private data store.
- Internet socket interception, which allows a malicious app to hijack the flow of traffic to an app.
- Scheme hijacking (both iOS and OS X), in which the system-wide method of launching one app from another is redirected to capture login tokens or other information.