It’s not too often that Apple encounters an issue that can’t be fixed instantly. However, a research team at Indiana University discovered a flaw in iOS and OSX that is causing Apple cause for concern. The team uncovered multiple ways in which many installed apps could be hacked by others in order to get a hold of passwords stored in both the Apple Keychain and Apple and third-party apps without being detected. Now, we’re not just talking about your Instagram being hacked; CNN explained that this hack, “exposes the passwords to your iCloud account, notes, photos, email, banking, social media – everything.”
The researchers discovered a way that dangerous software used by hackers could make its way into the Apple Keychain, delete your old password, and wait for you to enter a new one. The software then records your new password, thus gaining access to all of your most sensitive information. Additionally, they came across an issue with the process by which Apple assigns unique IDs, called BIDs, in order to categorize Mac programs. Hackers have the ability to assign an email app’s BID to one of their hacking software and sneak their way into a “trusted” group of programs. As noted by CNN, “the Indiana University team analyzed the top 1,612 Mac apps, and found that 89% of them were susceptible to these kinds of attacks.”
Although Apple had no comment, it has been mentioned that they are working on this issue, even though the process to rid the hackers and update every app would require full focus and attention from all independent Apple developers. They are also working on the screening process, which approves and disapproves new programs for the App Store. It was said that the hardest problem to solve will be the actual Keychain which holds all of the passwords.