Details on OS X and iOS cross application resource attacks

Over the past few days, a lot has been written about this report from Indiana University, in which researchers dig into what they call a cross application resource attack (XARA).

From the paper:

Our research leads to the discovery of a series of high-impact security weaknesses, which enable a sandboxed malicious app, approved by the Apple Stores, to gain unauthorized access to other apps’ sensitive data.

The paper goes into great detail on some pretty serious vulnerabilities. You can learn the basics about these forms of attack in Rene Ritchie’s What you need to know post.

From the What should we do? section:

No one needs to panic, but anyone using a Mac, iPhone, or iPad should be informed. Until Apple hardens OS X and iOS against the range of XARA exploits, the best practices for avoiding attack are the same as they’ve always been — don’t download software from developers you don’t know and trust.

Frustrating, but true. To learn more, you can start by reading this article by Nick Arnott, which digs into more detail on the exploits. And, of course, you can read the original paper.

Stay careful and know the source of any application you run, same as always.



  • rattyuk

    Oh, so true,

    Please let me know when this is an actual thing.

    Everyone posts “the sky is falling”

    In the meantime everyone ignores you HAVE to type your admin password to make this work