Tech Made Simple

Hot Topics: How to Fix Bluetooth Pairing Problems | Complete Guide to Facebook Privacy | How to Block Spam Calls | Snapchat Symbol Meaning

We may earn commissions when you buy from links on our site. Why you can trust us.

author photo

Apple Devices Threatened by Keychain Vulnerability

by Fox Van Allen on June 17, 2015

Apple productsThere’s a major new security threat for owners of Apple devices, specifically iPhones, iPads and Mac computers. Researchers at Indiana University and the Georgia Institute of Technology have discovered a flaw in the way iOS and OS X apps interact with the Keychain password storage app, potentially giving thieves access to all your saved login credentials. Data stored in third-party apps like Facebook may also be vulnerable via the communications flaw.

According to U.K.’s The Register, the researchers first approached Apple about the potential security nightmare in October 2014. Apple requested researchers give it 6 months to fix the flaws before revealing the critical gap to the media. In February 2015, Apple requested an advance copy of the researchers’ paper. The issue is now being made public, it appears, to pressure Apple into faster action.

“"We completely cracked the keychain service - used to store passwords and other credentials for different Apple apps - and sandbox containers on OS X, and also identified new weaknesses within the inter-app communication mechanisms on OS X and iOS which can be used to steal confidential data from Evernote, Facebook and other high-profile apps," explains lead researcher Luyi Xing of Indiana University Bloomington. He further notes how his team was able to use the flaw to steal banking logins from Google Chrome, steal photos from WeChat and compromise data stored in archival app Evernote.

The vulnerability is accessed via malware uploaded to the Apple App Store (the researcher’s test passed malware vetting by Apple), so in the short term at least, it pays to be suspicious of new apps from unknown developers. You should also be attentive to any unusual requests for you to enter your login information, especially when your phone typically handles such authentication.

Apple has not yet addressed this security issue, but both it and Google have acknowledged its existence. It’s important to get this vulnerability fixed on all your devices, so be sure to install any Apple operating system update as soon as the company makes it available. You should also make it a priority to update your most important passwords after the patch. 

[Image credit: mama_mia /


Computer Safety & Support, News, Computers and Software, Phones and Mobile, iPhone/iPad Apps, Blog

Discussion loading

Home | About | Meet the Team | Contact Us
Media Kit | Newsletter Sponsorships | Licensing & Permissions
Accessibility Statement
Terms of Use | Privacy & Cookie Policy

Techlicious participates in affiliate programs, including the Amazon Services LLC Associates Program, which provide a small commission from some, but not all, of the "click-thru to buy" links contained in our articles. These click-thru links are determined after the article has been written, based on price and product availability — the commissions do not impact our choice of recommended product, nor the price you pay. When you use these links, you help support our ongoing editorial mission to provide you with the best product recommendations.

© Techlicious LLC.