Free Republic
Browse · Search
General/Chat
Topics · Post Article

To: Swordmaker

Shame the Samsung S5 has this vulnerability -
Sure have loved the pics it takes, expandable memory, replaceable / spare battery, super long battery life, waterproof, strong glass, and so much more.

Just when I thought I shoulda bought an Apple iproduct, was shocked to learn of this chink in its armor -
http://www.businessinsider.com/apple-ios-and-os-x-security-flaw-could-let-hackers-steal-passwords-and-app-data-2015-6...

;n)


5 posted on 06/17/2015 9:49:04 PM PDT by MarchonDC09122009 (When is our next march on DC? When have we had enough?)


To: MarchonDC09122009
Just when I thought I shoulda bought an Apple iproduct, was shocked to learn of this chink in its armor -

That is currently just a vulnerability. . . and that vulnerability is not on iOS. The serious one is the keychain hack but it requires the hacker to FIRST get a malicious app onto the Mac, not an easy thing to do. The researchers were able to poison their own OS X Keychain App because they had control of the computer, but to get control of someone else's computer and poison THEIR keychain app is an entirely different question. It also requires that they be able to sneak a malicious app onto Apple's curated OS X Mac App store.

". . . steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote." - Your linked Business Insider article.

The other big thing they thought they were demonstrating is also not so dire. . . the ability once they have a poisoned Keychain is stealing the iCloud token. . . not, as the article claimed "the iCloud passwords." However, that token is only used to guarantee secure connection between the iCloud's connection for that particular computer and the OS X Mac App store for downloading apps and updates. It could possibly allow a hacker to set up a man-in-the-middle attack between the Apple server and the user and therefore possibly allow downloading more malicious software, but with a malicious malware already installed on the Mac, that is unnecessary, as the hacker presumably already has control of the Mac and going through such an exercise is moot.

The articles reporting this imply the token could allow a hacker to gain access to a user's iCloud data, but that is patently false. Even access to the Apple Keychain will not get a user's iCloud password because the password and user account for that are NOT STORED in the keychain. The iCloud token has nothing to do with user data.

In iOS, the vulnerability involves an App downloaded from the App store supposedly masquerading as an App that is authorized to inter-connect with another App to share data by using an Apple URL that is linked for that purpose. . . as if Apple would authorize such an App to be on the Apple iOS App store or remain there after such a malicious activity as stealing data from other Apps was discovered. Such Apps have been attempted to be uploaded and such attempts get their developers a lifetime ban from ever doing development for or with Apple. It's simply NOT going to happen. What they are talking about is taking advantage of Apple's inter-App ability to hand-off data. . . and saying a malicious App could be made to steal the data, if some very unlikely events happened. The researchers claim this is a violation of Apple's own sandboxing. . . yet that is how cooperation between Apps is supposed to work.

Preventing malicious Apps is why Apple's App Stores are curated.

10 posted on 06/17/2015 10:23:53 PM PDT by Swordmaker ( This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson