iOS and OS X Security Flaws Enable Malicious Apps to Steal Passwords and Other Data

[PinkyMacGodess]

Yes. Many OS X and iOS vulnerabilities require user interaction, which is a doubled edged sword. For an aware user (like most of the MacRumors crowd) this makes the OS safer, but this is a problem for the general users. Apple will have to patch this so their customers don't harm themselves.

I watched 'blackhat', and pointed out that THAT is how people get their stuff stolen. They often essentially 'hack themselves'... Getting 'click happy'. That's why I hate software firewalls like Zone Alarm, etc. Psychologists have proven that when people are in a hurry, they will will always click 'Yes', or 'OK'. Pretty soon, no firewall...

 

[Thunderhawks]

Your right but Apple have billions of $$. They could put a special 20 man team on this and it fixed within days or weeks. I bet the eco and other top big wigs macs are patched

Who says they didn't? Speculation on yours or my part.

Who says there are even 20 qualified specialists for that?

Read the update. They tried and were so far not successful.

Please apply if you think it's only a matter of money or you know how to fix this.

 

[Thunderhawks]

Never spun that there wasn't an issue.

Of course there is an issue, of course Apple knows and of course they are doing nothing about it,
which is typical for Apple. They never do anything to make their products better and better.

That seems to be your take without proof also.

Read the update and admit you are wrong. They tried to fix it,so far unsuccessfully.

I say they will keep on trying, you'll say they won't, so speculation without proof of facts on both of our parts.
Just mine seems more of a realistic possibility.

 

[SteveW928]

It's easy to forget that these are web "news" agencies and that most people who write for the web are not actual reporters and don't have the same ethical standards as something like the New York Times.

And these days, even those 'standards' don't mean much either.

 

[SteveW928]

You do not know what Apple did so far or what they are doing.
You do not know whether they are worrying about the Apple watch & cash flow instead of fixing what needs fixing.
You do not know what it takes to fix it and if it is even possible.
You do not know how long it took, will take or if it can be fixed.

In summary you just do not know anything more than what you read.

No need to panic or trying to place blame onto Apple any department of theirs and and, just acknowledge that it is and will be a continuing problem for all companies involved in software.

I think the point probably was something more along the lines that today Apple seems too concerned over their $Billions and bling, that such trivialities like security or core software functionality and stability just don't seem to be on the radar anymore. Hopefully iOS 9 and OS X 10.11 will prove us wrong!

 

[SteveW928]

Basically I received an email from American Express asking me to call their service center to check some operations with me.

Hopefully you looked up the contact info for AmEx or used your existing contact info, and didn't call the # listed in that e-mail... right?

 

[Romf]

Hopefully you looked up the contact info for AmEx or used your existing contact info, and didn't call the # listed in that e-mail... right?

I am not that dumb
I checked before and it was a legitimate Amex number.

 

[Thunderhawks]

I think the point probably was something more along the lines that today Apple seems too concerned over their $Billions and bling, that such trivialities like security or core software functionality and stability just don't seem to be on the radar anymore. Hopefully iOS 9 and OS X 10.11 will prove us wrong!

Thank you for a reasonable post
I understand peoples frustration when it SEEMS as if nothing is being done. To then link other things to the problem doesn't work. (But is a human habit to increase urgency or level of disappointment)
Unless we are the ones working on this, nobody knows how many people they put on this issue or which priority it has. (Let's hope top!)
My repeated posts want to highlight that making up unknown facts and then getting upset about it is useless and spreads panic to those who are not that computer savvy.

As for timing if people would think logically, they'd come to the conclusion that if it was EASY, it would have been done already. Since it hasn't been fixed yet it can't be that easy.

If the last update is true, we do now know for a fact that Apple is working on it and has not found a solution yet.

 

[SteveW928]

Thank you for a reasonable post
I understand peoples frustration when it SEEMS as if nothing is being done. To then link other things to the problem doesn't work. (But is a human habit to increase urgency or level of disappointment)
Unless we are the ones working on this, nobody knows how many people they put on this issue or which priority it has. (Let's hope top!)
My repeated posts want to highlight that making up unknown facts and then getting upset about it is useless and spreads panic to those who are not that computer savvy.

As for timing if people would think logically, they'd come to the conclusion that if it was EASY, it would have been done already. Since it hasn't been fixed yet it can't be that easy.

If the last update is true, we do now know for a fact that Apple is working on it and has not found a solution yet.

For sure, we don't (unless we have inside info) know exactly what has taken place. We're just saying that it seems odd for something like that to go for so long with no feedback, etc. And, a history of Apple seeming to ignore various issues and core feature requests until they decide to get around to it. Anyway, there is oddity and context involved here... not just blind speculation.

re: Easy... done already

Not necessarily. In another post I noted how Mojang (makers of Minecraft) ignored a security hole in their server product for over two years. The person who found the hole bugged them a number of times over that period, and EVEN PROVIDED THE CODE FOR THE FIX! They, as far as anyone can tell, ignored him until he decided to go public with it. So, we're not necessarily just talking crazy conspiracy theory here. And, as we've seen with hacks with Target, etc... it isn't like companies jump on these things right away.

Another great example is Apple's whole networking stack. I'm sure they've tried a fix here or there, but it's been an ongoing issue for almost a decade now, rearing it's head on pretty large segments of users after each major and minor update. And, when I was in corporate IT, I saw a big enough sampling of their products to know the problem was real beyond my own personal systems. While it might be complex, a company the size of Apple should build a team to address such issues until they are resolved. They aren't a mom & pop shop anymore.

Remember, always have to include human nature in your logic application.

 

[SlCKB0Y]

Another great example is Apple's whole networking stack. I'm sure they've tried a fix here or there

What are you claiming is wrong with the networking stack?

 

[TougenRoushi]

Though it is very late, I accidentally found this issue yesterday...

I also have interest with why Apple lie neglected the issue for over 6 months, but my biggest interest is how should I do for temporary workaround.

1.Should I lock keychain and authenticate every time application request the password which stored in keychain?
2.Should I remove Google Chrome password from keychain?
3.Apple Mail uses keychain and seems can not be remove passwords from keychain. How should I do? Move to Mozilla thunderbird?

I appreciate your kind suggestion...

Thanks!

 

[SteveW928]

What are you claiming is wrong with the networking stack?

Sorry, I somehow missed the email on this one (and just saw it while cleaning)....

Well, aside from the whole mDNSResponder / Discoveryd mess, WiFi has been a really long-term, problematic area. I haven't heard as much about it in the last year or two, but it was a huge issue for a long time.