iCloud security flaw put iPhone, Mac passwords at risk

A security flaw in iOS devices that went largely unreported after it was revealed to have been fixed had the potential to be one of the most damaging security vulnerabilities this year.
The bug exploited a flaw in how Apple’s iCloud Keychain synchronizes sensitive data across devices, like passwords and credit cards on file, which — if exploited — could’ve let a sophisticated attacker steal every secret stored on an iPhone, iPad, or Mac.
“The bug we found is exactly the kind of bug law enforcement or intelligence would look for in an end-to-end encryption system,” said Alex Radocea, co-founder of Longterm Security, who is set to reveal more details about the now-fixed vulnerability at the Black Hat conference in Las Vegas on Wednesday.
Radocea said the flaw could have let an attacker punch a hole in the end-to-end encryption that Apple uses to ensure nobody can read data as it is sent across the internet.<!–more–>

Comment or Add Prayer