Petronella Blog Archive

Apps Can Steal Your iOS Passwords

Apple's app sandbox was set up to make sure apps come from trusted developers and to treat other apps as untrustworthy as a matter of safety. Researchers, however, have found very serious holes in the sandbox.

Proof-of-concept apps, meaning apps that have been created simply to prove something can happen (in other words, they're not built by hackers), have been able to bypass the security and protections built into the sandbox, reach into other apps and pull information and resources from them. This is known as a XARA attack, short for cross-application resource access.

Using the testing app, a developer was able to access all kinds of sensitive information: keychain passwords, passwords for other apps including banking apps, email and more.  A hacker could also use an app to hijack the data sent over the internet from your device, take over other apps and send that data somewhere for the hacker to retrieve.

There's currently no solution to this vulnerability.  Hopefully Apple will fix this issue soon, so make sure to update any iOS devices as soon as you have the ability to do so.