A group of researchers from Indiana University say that they’ve found a handful of vulnerabilities in both Apple’s OS X and iOS, and perhaps more worrisome, cracked the Keychain service that the company uses for apps and their sandboxes on OS X.
A series of weak app-to-app authentication vulnerabilities is to blame. If strung together, the issues could be leveraged to exploit Apple apps and steal iCloud passwords, authentication tokens, and saved web passwords on Google Chrome, the researchers warned in an academic paper published Wednesday.
