OS X and iOS Unauthorized Cross Application Resource Access (XARA)

This is about rogue apps that pre-create the environment that other widely used apps will need once activated. Those rogue apps can later hook into those resources, gaining unauthorized access because they initiated the creation of the placeholder for those resources.

The iOS sandbox protection mechanism can’t yet block this vulnerability.

This becomes very unsettling if you consider that your iOS and OS X keychain password store can be exposed as well…

Read more on how this works and how to mitigate the risk. Basically avoid installing apps from

https://isc.sans.edu/diary/OS+X+and+iOS+Unauthorized+Cross+Application+Resource+Access+%28XARA%29/19815
