iOS and OS X bug lets attackers steal passwords from iCloud Keychain


Researchers cracked iCloud Keychain and bypassed App Store approval processes.
Photo: Faris Algosaibi/Flickr CC

A group of six university researchers claims to have successfully bypassed Apple’s tight App Store approval processes to publish Mac and iOS malware apps. According to the report, the team presented the zero-day vulnerability to Apple back in October 2014 and was told to keep quiet about it for at least six months.

Luyi Xing, a security researcher who helped expose the zero-day vulnerability, has yet to hear back from Apple on a possible fix.

What You Need To Know About Today’s Apple Hack



What Happened?

According to Apple, a “small number” of its employees’ computers were compromised due to a vulnerability in Java.

How Did It Happen?

It appears that this zero-day exploit is the same one that resulted in a number of Facebook employees having malware installed on their laptops as a result of visiting a mobile developer website that had been compromised: Apple says their employees were infected “through a website for software developers.”