Apple system seriously flawed because of "data exchange between applications"

Editor's note: A serious vulnerability in Apple's systems has recently drawn press attention. For the specific news, see Lei feng's network's report: comparable to the iCloud scandal, serious vulnerabilities exposed in Apple systems. Lei feng's network invited experts in the security field to analyze it. Phosphor e active defense lab, the Seattle 0xid team, and an advisory tracked and analyzed the whole matter. Here is their analysis of the situation.

The claim that, with this serious Apple vulnerability, hackers can bypass the sandbox and steal data from thousands of applications is not so simple.

Based on currently available information, this vulnerability is unauthorized cross-app resource access (XARA): a fraudulent app can let an attacker trick users and steal passwords and other sensitive information held within applications. On Mac OS, it can additionally modify the user's keychain and may hijack network traffic.

Why do we need to access application resources?

As we all know, Apple's sandboxing mechanism is enabled by the operating system.

A sandbox is a security mechanism in which an application runs in a separate, enclosed environment and cannot access data belonging to other applications or to the system (memory, disk, hardware, and so on).
A sandbox effectively protects an application's sensitive data from being stolen or tampered with by malicious programs, and so keeps the user safe.

Modern operating systems, especially mobile phone operating systems, whether from Apple, Google or Microsoft, provide similar security mechanisms.

Under the sandboxing mechanism, each application runs in its own memory space and uses its own data storage area, completely isolated from the others. Apple has often been criticized for this, but to a large extent it ensures the safety of users.

The problem here is not the security of the sandbox but security outside the sandbox: a hole was opened in order to share data. For example, two rooms are separated by a concrete wall; a thief gets into the corridor and then walks into the other room. The real problem is the lack of access control and cameras in the corridor, not that the concrete wall was breached. In this case the concrete wall, Apple's sandbox, did not fail; the data sharing between applications is the corridor connecting the two rooms.

So it is more accurate to say that Apple's data sharing between applications lacks appropriate access controls, which an attacker can use for phishing and for unauthorized access to private data.

But we often need to reach another application from an application, or to exchange data between applications, such as the Sina Weibo client sharing a microblog post to a circle of friends, or jumping from a chat in an app to a browser to open a web page.

Apple's cross-application access is designed to perform this function: URLs and similar resources can be passed between applications, along with application sharing, interprocess communication, and so on, so that applications can share data and call each other.
For example, when we share an article from Sina Weibo to the app, Sina Weibo reaches the relevant client through a data-sharing mechanism.

What's wrong with access across applications?

Apparently Apple's cross-application resource access does not perform authorization checks or access control: a newly installed application can override or tamper with the cross-application resource access exchange list, disguise itself as another application, read the original application's sensitive data, or trick the user into entering a password.

How large is the impact of this problem?

For now, the problem has not caused widespread security incidents, because it is constrained by several conditions, including the following:

1. The first line of defense: the attacker must be able to upload a fake app to Apple's App Store. Apple's review is fairly strict, so there is a high probability that a fraudulent application is intercepted by Apple. Of course, attackers can use a certificate to sign the application, but the cost is too high, and if discovered the certificate would be revoked and blacklisted.
2. Users need to download the application. (A malicious application with no traffic is hard for users to find; once it gets many visits, it is easily discovered and blocked by Apple.)
3. When an attacker hijacks an application, the user is redirected to the fake app. Once authorized, the malicious app can access the app's data, such as local files, but a password is stolen only if the user enters it in the fake app's interface.
4. The vulnerability's effect on Mac OS (Apple computers) is far greater than on iOS (Apple phones). At present, the main problems on Apple phones are URL (address) hijacking between applications and phishing. The more damaging consequences, including keychain theft and network connection hijacking, are effective only on Mac OS and for now do not affect Apple phones.

What should ordinary Mac users pay attention to?

1. Try not to download applications developed by individuals or small businesses that have very low download counts, because these are more likely to be fake applications.
2. As far as possible, do not use cross-application data exchange (for example, instead of jumping from an app to the browser, copy the link and paste it into the address bar of your browser).
3. Try to keep the data in apps private, and where possible use apps with a burn-after-reading type of function.
4. When using cross-application exchange, avoid entering your password after a jump as far as possible.

Do Windows and Android phones have a similar problem?

No similar problem has yet been found on Windows Phone or Android. During cross-application data sharing the user can see the full list of candidate applications, but this does not rule out an attacker deceiving a user into choosing the wrong application for data sharing.
Android users also need to be careful.

Additional consideration

Apple's iOS and Mac OS have always been known for being closed and secure, but in recent years, as related research has increased, some security vulnerabilities have gradually been exposed: from the iCloud data theft, to the 360-invested malt manufacturing a virus, to this cross-application data exchange attack. These events show that iOS and Mac OS are no longer immune to information security problems. Apple users need to change their past inattentive mentality and raise their alertness, and Apple should also pay more attention to information security and bring in third-party professional information security teams to help improve the security of its systems.

Information is limited at present. The Venus Chen team for this event will continue to conduct further analysis and tracking, and will follow up with more specific details and a more accurate judgment.
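The URL hijacking between applications described above depends on a second app claiming a URL scheme that another app already uses, so a defender can audit installed apps for such collisions. The sketch below is an added example, not code from the original article or its analysts; `CFBundleURLTypes` and `CFBundleURLSchemes` are the standard Info.plist keys for scheme registration (not named in the article), and the bundle IDs and scheme names are constructed.

```python
import plistlib
from collections import defaultdict

# Constructed sample Info.plist contents (hypothetical bundle IDs and schemes).
SAMPLE_PLISTS = {
    "Social.app": plistlib.dumps({
        "CFBundleIdentifier": "com.example.social",
        "CFBundleURLTypes": [{"CFBundleURLSchemes": ["socialshare"]}],
    }),
    "Flashlight.app": plistlib.dumps({
        "CFBundleIdentifier": "com.example.flashlight",
        # Claims the same scheme with different casing, plus one of its own.
        "CFBundleURLTypes": [{"CFBundleURLSchemes": ["SocialShare", "flash"]}],
    }),
    # An app that registers no URL schemes at all.
    "Notes.app": plistlib.dumps({"CFBundleIdentifier": "com.example.notes"}),
}


def declared_schemes(info):
    """Return the set of URL schemes an Info.plist dict registers."""
    schemes = set()
    for url_type in info.get("CFBundleURLTypes", []):
        for scheme in url_type.get("CFBundleURLSchemes", []):
            # URL schemes are case-insensitive, so compare lower-cased.
            schemes.add(scheme.lower())
    return schemes


def find_scheme_collisions(plists):
    """Map each scheme claimed by more than one bundle to its claimants."""
    owners = defaultdict(set)
    for app_name, raw in plists.items():
        info = plistlib.loads(raw)
        bundle_id = info.get("CFBundleIdentifier", app_name)
        for scheme in declared_schemes(info):
            owners[scheme].add(bundle_id)
    return {s: sorted(ids) for s, ids in owners.items() if len(ids) > 1}


if __name__ == "__main__":
    for scheme, bundles in find_scheme_collisions(SAMPLE_PLISTS).items():
        print(f"{scheme}:// is claimed by {', '.join(bundles)}")
```

On a real machine the same function can be fed the bytes of each installed app's Info.plist; any scheme with more than one claimant deserves a manual look.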