Researchers find flaw in iOS sandbox that allows apps to share data


Researchers at the German University of Darmstadt have discovered several vulnerabilities in the iOS sandbox using a tool they developed themselves. One of the flaws allows apps to access data from other apps.

The study was conducted in collaboration with the American University of North Carolina and the Polytechnic University of Bucharest. In a press release, the scientists explain that they examined the iOS sandbox and identified several vulnerabilities, which, for example, allow memory and apps to be blocked. It is also possible to access data from other apps and to bypass the security settings for contacts.

Access to the photo gallery is also possible, and with it access to the EXIF data of photos, which stores, for example, location data. The metadata of other system files can be accessed in the same way. According to the researchers, the vulnerabilities could be exploited, for example, by developing a malicious app. The iOS sandbox is meant to prevent exactly this: it restricts the permissions of apps and their access to system components in order to counter attacks. For example, apps normally do not have access to each other’s data. The press release does not go into further detail about the vulnerabilities found.

The scientists conducted their research by exporting the sandbox profiles created for each app and making them “human readable.” These profiles specify which access rights a particular app has. The research team has developed an automated tool that can be used to detect vulnerabilities. Professor Ahmad-Reza Sadeghi, who took part in the study, said: “Many people think that Apple’s closed operating system is more secure than the open Android system, so we want to take a closer look at iOS vulnerabilities.”

The team has reported the findings of the investigation to Apple, and the company has committed to addressing the vulnerabilities in upcoming releases of iOS. The scientists also criticize Apple, because the company “closes itself off too much from cooperation with the academic community and is not cooperative enough.”

The research, entitled ‘SandScout: Automatic Detection of Flaws in iOS Sandbox Profiles’, will be presented by the scientists at the ACM Conference on Computer and Communications Security in Vienna in October.

Schematic representation of iOS sandbox
