Double trouble for Apple, as two software security flaws discovered

[InfoSec News <alerts () infosecnews org>]

http://www.theguardian.com/technology/2014/nov/06/apple-mac-iphone-security-malware

By Alex Hern
The Guardian
6 November 2014

Users of Apple’s Mac OS X are being warned to watch out for not one, but 
two new weaknesses in the platform which can be used in attacks – one of 
which is already in the wild.

The first, known as Rootpipe, affects multiple versions of Mac OS X, 
including the newest release, Yosemite. It lets an attacker gain “root” 
control of a computer, the highest level of access, without having to know 
a password.

Rootpipe could theoretically allow a hacker to install any malicious 
software that could be used to steal credit cards details or other 
personal data, among other things.

The other, called Wirelurker, is the first malware seen in the wild which 
targets iOS devices that haven’t been jailbroken. Wirelurker could be used 
to extract basic personal information from a phone. It tricks the user 
into installing it on their Mac, and then waits until an iPhone or iPad is 
plugged in over USB before using the trusted relationship between the two 
to install software on the mobile device.

[...]

--
Evident.io - Continuous Cloud Security for AWS.
Identify and mitigate risks in 5 minutes or less.
Sign up for a free trial @ https://evident.io/