- Andrew Yang upset porn fans with his criticism of Bing Tuesday 10:34 PM
- Kamala Harris really wants Trump kicked off Twitter Tuesday 10:22 PM
- Bernie Sanders jokes he didn’t use medical marijuana before tonight’s debate Tuesday 9:47 PM
- Tulsi Gabbard says she’s not a Russian asset—which is just what a Russian asset would say Tuesday 9:20 PM
- Warren says she doesn’t have a ‘beef with billionaires’ Tuesday 8:59 PM
- Andrew Yang’s Universal Basic Income plan gets support from other candidates Tuesday 8:40 PM
- Christmas creep is real, and it’s all over Tom Steyer’s neck Tuesday 8:05 PM
- Stans are using pictures of Beyoncé to catfish sugar daddies Tuesday 7:18 PM
- Wait, who the heck is Tom Steyer? Tuesday 7:17 PM
- Teacher caught on video in racist rant put on leave without pay Tuesday 5:44 PM
- Pornhub pulls Girls Do Porn videos amid sex trafficking charges Tuesday 4:49 PM
- Gina Rodriguez sings N-word on Instagram story Tuesday 4:41 PM
- Trump Jr. mocked for Hunter Biden tweet about profiting from dad’s name Tuesday 3:58 PM
- All the holiday movies and shows coming to Netflix in 2019 Tuesday 3:48 PM
- Smoke ’em, pass ’em Week 7: The QB blues Tuesday 3:29 PM
Major bug in Apple’s computer OS leaves your passwords dangerously exposed
If you’re an Apple fan, this isn’t great news.
A team of researchers from Indiana University, Peking University, and the Georgia Institute of Technology claim to have busted the keychain wide open—and according to the team, Apple hasn’t fixed the bug since being alerted to it in October 2014.
In a pair of videos and a lengthy research paper, Luyi Xing, Xiaolong Bai, Tongxin Li, XiaoFeng Wang, Kai Chen, and Xiaojing Liao detail a process in which a malicious app—like the one the team built and snuck past Apple’s App Store review process—can access extremely sensitive data such as the passwords and access tokens of other apps, including Apple’s own iCloud and Mail and even Google Chrome.
“We completely cracked the keychain service—used to store passwords and other credentials for different Apple apps—and sandbox containers on OS X,” Lead researcher Luyi Xing told the Register, “and also identified new weaknesses within the inter-app communication mechanisms on OS X and iOS which can be used to steal confidential data from Evernote, Facebook and other high-profile apps.”
According to the researchers, Apple has known about this security issue since late 2014. The company asked for a 6-month delay before the team made its discovery public. But Apple then went silent and still has not patched the holes.
The overwhelming dominance of Microsoft‘s Windows operating system has made it the prime target for hacking and malware over the past two decades. But as Apple’s OS X becomes more and more popular, these kinds of exploits will only grow more common. Now it’s up to Apple to respond with the appropriate fixes.
Photo via dlg_images/Flickr (CC BY SA 2.0)
Mike Wehner is a former tech editor for the Daily Dot who now writes for BGR. His work has appeared everywhere from Yahoo to CNN, and there’s a good chance his Apple Watch is dead right now.