Apple devices are often thought to be more secure than open platforms such as Windows and Android, but a recent study shows there are still significant malware threats for iPhone and Mac owners.
Researchers from Indiana University, Peking University and Georgia Tech have published a study highlighting security issues with the way apps communicate with each other on iOS and OS X. The researchers created an app that was able to steal users’ data from the password-storing keychain in OS X, as well as pilfer passwords from banking and email accounts via Google Chrome.
The researchers’ app was able to bypass the security measures Apple has in place to ensure one app can’t gain access to other apps’ data without permission. Methods used include hijacking a browser extension so hackers can collect passwords when users type them in and deleting passwords from the OS X keychain so they can be retrieved when the data is re-entered.
The biggest issue regarding the malicious app is that it was approved for placement in the App Store, which is supposed to be pre-screened by Apple staff for potentially malicious apps. Apple did not immediately respond to a request for comment.
The researchers said they informed Apple about the vulnerability in October but were asked to hold off on making the information public for six months. However, according to their study, the problems still persist. A system-wide update to OS X and iOS is the only way to fully protect against the vulnerabilities, according to the study’s authors.
More Must-Reads from TIME
- How Donald Trump Won
- The Best Inventions of 2024
- Why Sleep Is the Key to Living Longer
- How to Break 8 Toxic Communication Habits
- Nicola Coughlan Bet on Herself—And Won
- What It’s Like to Have Long COVID As a Kid
- 22 Essential Works of Indigenous Cinema
- Meet TIME's Newest Class of Next Generation Leaders
Contact us at letters@time.com