Researchers cracked iCloud Keychain and bypassed App Store approval processes.
A group of six university researchers claim to have successfully bypassed Apple’s tight App Store approval processes to publish Mac and iOS malware apps. According to the report, the team presented the zero-day vulnerability to Apple back in October 2014 and were told to keep quiet about it for at least six months.
Luyi Xing, a security researcher who helped expose the zero day vulnerability, still has yet to hear back from Apple on a possible fix.
Older Apple computers may be susceptible to a new zero-day vulnerability discovered by a security researcher, who found the flaw can be used to install rootkit malware that’s nearly undetectable and very hard to remove.
According to Apple, a “small number” of its employees computers were compromised due to a vulnerability in Java.
How Did It Happen?
It appears that this zero-day exploit is the same one that resulted in a number of Facebook employees having malware installed on their laptops as a result of visiting a mobile developer website that had been compromised: Apple says their employees were infected “through a website for software developers.”