Today's Hard|Forum Post
Today's Hard|Forum Post

Friday June 19, 2015

XARA Deconstructed: Deep Look at Cross-App Resource Attacks

If you're curious/concerned about the vulnerabilites released from Indiana University affecting iOS and Mac OS X, this site has an in-depth look. There are 4 separate vectors lumped into a bucket called "XARA" or Cross Application Resource Attacks: OS X Keychain, OS X WebSockets, OS X helper apps, and iOS and OS X URL scheme hijacking.

Ultimately, we'll have to wait and see where Apple goes from here. Several of the above items seem like bonafide, exploitable security bugs to me; unfortunately, until Apple fixes them, your best bet is to stay cautious and monitor the software you install.