Six university researchers claim to have revealed deadly zero-day flaws in Apple’s iOS and OS X, saying it’s possible to crack Apple’s Keychain, break app sandboxes and bypass its App Store security checks so that attackers can steal passwords from any installed app including the native email client without being detected, reports The Register (http://tinyurl.com/o4y4wja).
The team says it was able to upload malware to the Apple app store, passing the vetting process without triggering alerts that could raid the keychain to steal passwords for services including iCloud and the Mail app, and all those store within Google Chrome. Lead researcher says he and his team complied with Apple’s request to withhold publication of the research for six months, but had not heard back as of the time of writing. They say the holes are still present in the Apple operating systems, says The Register.