Facebook Makes It Free And Easy To Kill Latest Mac And iPhone Zero-Days

This article is more than 8 years old.

The world’s biggest social network does a fair amount of altruistic work, some of it controversial, like Internet.org, some of it just straight-up nice. Falling firmly into the latter category is ‘osquery’, an open source framework for monitoring operating system security, which has just been updated to detect some serious vulnerabilities affecting Apple’s iOS and Mac OS X.

The issues were revealed last week by Luyi Xing, a PhD student at Indiana University Bloomington, and his colleagues. They found a slew of issues, all of which allowed malicious apps to hoover up information from other, legitimate applications, in potentially "devastating" attacks called unauthorized cross-app resource access or XARA. The researchers have created a tool to detect attacks, but have not yet released it publicly. Now Facebook has stepped in to help protect end users.

One of the more serious flaws could have been exploited to poison the Keychain in Macs that store passwords and other authenticating data in “items”. It was possible to create malware, get it onto the Apple App Store and have it delete an item of a legitimate app and force it to dump its authenticating information into an attacker-controlled item. That could have given attackers access to all the private data in the good app. Facebook’s osquery has been given a new tool that exposes what apps are doing on the Keychain to determine if they have malicious intent.

As for a vulnerability where subprograms in apps were able to copy legitimate apps’ supposedly unique identifiers - called bundle identifiers (BIDs) - and hoover up information from them, Facebook has added a “sandbox” detection capability to osquery. This will help users check for duplication and malicious use of BIDs.

Similar protections have been added for an attack outlined by Xing called URI or URL “scheme hijacking”. Such schemes are used when a URL, such as a web link, is selected by a user and, subsequently, a related application, such as a browser, is opened to manage the process. An attacker can use a bad app to register the same URL scheme as a good app and potentially access data for the targeted software in the process. In iOS, the issue is more severe as the most recent app to register the scheme has control over the process.
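The duplicate checks described in the two paragraphs above (reused bundle identifiers and URL schemes claimed by more than one app), as an added example that is not osquery's code or schema: a Python script that runs the checks as SQL over an in-memory inventory. The `apps` table, its columns and every sample row are constructed for illustration.

```python
import sqlite3

# Constructed sample inventory: (bundle_id, app_path, url_scheme). Not real data.
SAMPLE_APPS = [
    ("com.example.mail", "/Applications/Mail Example.app", "examplemail"),
    ("com.example.mail", "/Applications/Mail Example.app", "examplemail-alt"),
    ("com.example.notes", "/Applications/Notes Example.app", "examplenotes"),
    # Second app claiming a scheme that already has an owner.
    ("com.example.game", "/Applications/Free Game.app", "examplemail"),
    # Subprogram inside another bundle reusing an existing bundle identifier.
    ("com.example.notes",
     "/Applications/Utility.app/Contents/Helpers/Helper.app", None),
]

COLUMNS = {"bundle_id", "path", "scheme"}  # hypothetical schema


def build_inventory(rows):
    """Load the inventory rows into an in-memory SQLite table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE apps (bundle_id TEXT, path TEXT, scheme TEXT)")
    db.executemany("INSERT INTO apps VALUES (?, ?, ?)", rows)
    return db


def collisions(db, key, value):
    """Return {key: sorted distinct values} for keys seen with >1 value."""
    # Column names are interpolated, so restrict them to the fixed schema.
    if key not in COLUMNS or value not in COLUMNS:
        raise ValueError("unknown column")
    sql = (
        f"SELECT {key}, {value} FROM apps WHERE {key} IN ("
        f"SELECT {key} FROM apps WHERE {key} IS NOT NULL "
        f"GROUP BY {key} HAVING COUNT(DISTINCT {value}) > 1)"
    )
    found = {}
    for k, v in db.execute(sql):
        found.setdefault(k, set()).add(v)
    return {k: sorted(v) for k, v in found.items()}


if __name__ == "__main__":
    db = build_inventory(SAMPLE_APPS)
    # One URL scheme registered by several bundle identifiers.
    print("scheme collisions:", collisions(db, "scheme", "bundle_id"))
    # One bundle identifier present at several on-disk locations.
    print("duplicate BIDs:", collisions(db, "bundle_id", "path"))
```

An app that registers two schemes of its own, like the first two rows, is not flagged, because the checks count distinct owners per scheme and distinct paths per identifier.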

“At this time, we're not aware of defensive security products, other than osquery, that can detect the exploitation of all of the vulnerabilities outlined in Xing's paper,” said Mike Arpaia, a Software Engineer on the Facebook Security team. “We released osquery last year because we want the Internet to be a safer place. By maintaining an osquery deployment at your organization, you're able to better detect client-side attacks launched against OS X users.”

Given Apple has not provided any timeline on when it plans to address the issues highlighted by the researchers, this kind of open source assistance could prove vital to any business that relies on Macs and iPhones for its everyday operations.