Apple devices are often thought to be more secure than open platforms such as Windows and Android, but a recent study shows there are still significant malware threats for iPhone and Mac owners.
Researchers from Indiana University, Peking University and Georgia Tech have published a study highlighting security issues with the way apps communicate with each other on iOS and OS X. The researchers created an app that was able to steal users’ data from the password-storing keychain in OS X, as well as pilfer passwords from banking and email accounts via Google Chrome.
The researchers’ app was able to bypass the security measures Apple has in place to ensure one app can’t gain access to other apps’ data without permission. Methods used include hijacking a browser extension so hackers can collect passwords when users type them in and deleting passwords from the OS X keychain so they can be retrieved when the data is re-entered.
The biggest issue regarding the malicious app is that it was approved for placement in the App Store, which is supposed to be pre-screened by Apple staff for potentially malicious apps. Apple did not immediately respond to a request for comment.
The researchers said they informed Apple about the vulnerability in October but were asked to hold off on making the information public for six months. However, according to their study, the problems still persist. A system-wide update to OS X and iOS is the only way to fully protect against the vulnerabilities, according to the study’s authors.
More Must-Reads from TIME
- Why Trump’s Message Worked on Latino Men
- What Trump’s Win Could Mean for Housing
- The 100 Must-Read Books of 2024
- Sleep Doctors Share the 1 Tip That’s Changed Their Lives
- Column: Let’s Bring Back Romance
- What It’s Like to Have Long COVID As a Kid
- FX’s Say Nothing Is the Must-Watch Political Thriller of 2024
- Merle Bombardieri Is Helping People Make the Baby Decision
Contact us at letters@time.com