Apple Takes Steps to Plug Security Holes

Earlier this week, LifeLock reported on the security vulnerabilities of Galaxy phones.

If you breathed a sigh of relief, or perhaps even smirked because you have an Apple iPhone—bad news—you, too, are vulnerable. So is your Mac.

Get LifeLock protection now.

Whereas the problem with Samsung phones lies in the keyboard, Apple’s issue is with apps.

Researchers with Georgia Tech, Indiana University and Peking University discovered a vulnerability in the way apps interact. An app could be coded to steal users’ data from the keychain, which stores passwords, tokens and keys. 

To prove their point, they developed apps that, once downloaded, were able to steal passwords for bank accounts, iCloud accounts, Facebook and more.

The researchers notified Apple in October 2014 but waited until this week to publish their paper, giving Apple an opportunity to respond to the threat.

On Friday, an Apple spokesman said, "Earlier this week we implemented a server-side app security update that secures app data and blocks apps with sandbox configuration issues from the Mac App Store. We have additional fixes in progress and are working with the researchers to investigate the claims in their paper."

The researchers have labeled the vulnerability XARA, which stands for unauthorized cross-app resource access.

4 Million Members and Counting


"I almost lost my job because someone used my driver’s license and received 8 violations."
- Casey S.


"All of my personal information, even my social security card, was taken."- Jamie A.

It only takes minutes to sign up.

Start Your Membership