Apple’s security reputation takes another hit as researchers reveal long-standing zero-day flaws. Apple has known about major zero-day flaws in its iOS and OS X operating systems for at least eight months, but the flaws are still present.
The security holes in both iOS and Mac OS X allows a malicious app to steal passwords from Apple’s Keychain, as well as both Apple and third-party apps, with being detected. As well as cracking Apple’s keychain, they also broke app sandboxes and bypassed Apple App Store security checks. The team were able to upload malware to the Apple app store and passed Apple’s notoriously stringent vetting process, without triggering any alerts.