XARA Deconstructed: Deep Look at Cross-App Resource Attacks

Terry Olaes

I Used to be the [H] News Guy
Joined
Nov 27, 2006
Messages
4,646
If you're curious/concerned about the vulnerabilites released from Indiana University affecting iOS and Mac OS X, this site has an in-depth look. There are 4 separate vectors lumped into a bucket called "XARA" or Cross Application Resource Attacks: OS X Keychain, OS X WebSockets, OS X helper apps, and iOS and OS X URL scheme hijacking.

Ultimately, we'll have to wait and see where Apple goes from here. Several of the above items seem like bonafide, exploitable security bugs to me; unfortunately, until Apple fixes them, your best bet is to stay cautious and monitor the software you install.
 
Top