Authored by a Symantec employee
Researchers from the University of Indiana discovered a bug in Apple’s operating system that could give cybercriminals new ways to use apps to hijack passwords.
Apps that you install on your computer or phone through Apple’s Mac App Store and the iOS App Store stay in a secure container on your device or computer that’s known as a “sandbox”, so they can’t access any of your private information. However, some apps need access to things like your location (for an app that helps you with navigation, for example), and, for that kind of access, the app usually needs to ask for your permission. These University of Indiana researchers discovered a few ways that apps could get access to certain information (like your Keychain, which stores your passwords) without asking for permission first. If these methods are used by cybercriminals, they could allow them to steal users’ login information for all of their websites.
For now, nobody has seen these flaws exploited in this way, but researchers at Symantec believe that, now that this bug has been exposed, it’s only a matter of time before cybercriminals start using it.
Slipping through the cracks in Apple’s gateway
Apple’s security within its app markets is pretty tight, and it does a great job of keeping malicious apps from being distributed; however, when researchers created a malicious app to test the security of the Mac App Store, the app was allowed to go live briefly before Apple’s security pulled it down.
So…how do you stay safe?
- Mac OS X and iOS users should apply any security updates issued by Apple as soon as they become available.
- Use your “spidey senses” when installing new software. Better yet, stick to installing apps from vendors you know and trust.
- Make sure that you have updated security software, which will make it much harder for criminals to use exploits to deliver malware onto your computer or device. No security software? Check out Norton Security for proactive, real-time protection on any device.
- Consider using a free password manager, like Norton Identity Safe, to store your passwords, instead of saving them directly to your computer.