The research in this paper leads to the discovery of a series of high-impact security weaknesses, which enable a sandboxed malicious app, approved by the Apple Store, to gain unauthorized access to other apps' sensitive data. More specifically, the researchers found that the inter-app interaction services, including the keychain and WebSocket on OS X and URL Scheme on OS X and iOS, can all be exploited by the malware to steal confidential information such as the passwords for iCloud, email and bank accounts, and the secret token of Evernote.
ece3215f1041638c7e80717f3528c48fffb5d9d0f9b925cd46938a293c3d9f4f
Signing Me onto Your Accounts through Facebook and Google: a Traffic-Guided Security Study of Commercially Deployed Single-Sign-On Web Services. This is the whitepaper in which researchers discovered eight flaws in SSO technologies in use by major players.
24f6a2ecdbf64e223fc0cda388a9962cd29a2d5ffa9328c2a6c7c49b33aed9a4