Creating a stable and safe software is more ofa utopia than a mere reality, and Apple is now tasting a bit of their own medicine with the latest version of their biggest Mac OS Mojave, where a bridge was found and malicious apps and programs could have complete access to your personal data and sensitive information without even breaking a sweat.
Can you imagine being one of the users and find out your identity has been stolen while you were browsing through Google? Outrageous, right?
In this article, we’ll show you how Apple is dealing with the flaw, and how it was found by an app developer who was trying new stuff.
The Flaw Affects all Mojave Versions
No matter the Mac OS version you’re running on your devices, it’s important to let you know this breach is known to affect all Mojave versions and previous ones as well. Apparently, the exposure allows several apps to have access to people’s browsing history whether it is enabled or not.
Encrypted Information and the fear of leakage
These files are usually encrypted and in read-only mode, but even though people are being conscious and want to protect their information, hackers are smarter and more vicious than a ‘regular’ person. So, it’s inevitable for hackers to access the ‘hidden’ files and check all the information they happen to find inside making you feel vulnerable and ‘naked’ online.
How does it work?
Unfortunately, the app developer who found the breach chose not to share the actual way to enter the files without any restriction whatsoever until Apple is able to release their new patched version after fixing the flaw to avoid problems.
Now you know. If you are an avid iOS lover and love to search around online while using sensitive information, be careful and take good care of your personal data.
When we get access to any kind of website through Facebook login, generally assume that everything is going to be fine because we are accustomed to entering the site with no problems as it seems to be absolutely legit to trust the familiar blue icon.
Now, rules have changed a bit with the new technique some hackers are getting into use and abuse.
Phishing Is Easy to Do
This operational criminal tactic ends up stealing your vital personal information and sending it to hackers so they can do whatever they want with your data. They give a new name to the word phishing.
No matter how vigilant users are they could easily fall for this method of data collection. It was found that cybercriminals were publishing links to services and blogs which sent visitors to read articles or get discounted goods through the login using the Facebook account button.
Once you click on this button two possible things can happen, you’re getting redirected to Facebook or getting served with Facebook on a pop-up window so you can enter your profile through showing Facebook credentials.
Later on, it was pointed out the malevolent blogs and services are showing users a very close to reality phoney Facebook prompt but once they click this, their info gets stolen.
What Happens with The Info?
This info can be stolen for many purposes such as bank account theft, industrial spying, privacy invasion and whatever it might attempt against trustful technology users.
This fake Facebook prompt is specially designed to look and feel exactly as the real deal so users click on it confidently to realize that once they do, they could easily be victims of malware.
Malware is the root of all phishing attacks because thanks to this malicious software, hackers have their way into all the information they can get and get paid for.
As a matter of fact, interaction with this phoney Facebook login prompt is so real that you can drag it anywhere and even click on exit as if it was a real button so people don’t know what they’re getting into.
The only way to protect yourself against this malware attack is to drag the login prompt to the edge of the pop-up window, this way you get to detect if it’s real by checking if it disappears a little towards the border of the window.
It’s always a good practice to authenticate with two factors in order to prevent hacker attacks once they got your information. That way the security breaches can be minimized.
Cybersecurity companies invest millions on trying to avoid all kinds of schemes that destroy the trust of the customers in computer products but we can also do our own in order to keep safe and to take good care of our hardware and software.
It’s quite important to realize how easy we could lose our means of work and entertainment by having a sloppy guarding technique in our equipment. Let’s not allow hackers to do that.
Today there are many applications created for our devices that get the necessary requirements to become indispensable in our lives. One of them is ShareIt, an application capable of sharing videos, photos, and files through all our devices with fast movements and in a short time of waiting.
It is one of the most useful applications that have been created today and has become one of the most popular applications.
In the market of applications there are few that meet these features, but just like it has such good reviews, there are also bad things. Recently a very serious vulnerability has been discovered in the application that allows hackers to infiltrate the systems of users that have the application and can steal data. It is a big problem that attacks the personal data of millions of people.
The vulnerabilities had been discovered in December 2017 and have begun to be corrected immediately by the team in charge of the company, although the technical details about the errors were revealed a few months ago to the surprise of many users.
Network security specialists mention that the details were kept hidden due to the impact of the vulnerability, ease of operation and wide range of attack that users could suffer.
Vulnerabilities can be exploited in a shared Wi-Fi network so hackers may intercept a device’s traffic, among other malicious and counterproductive tasks it has been discovered that the attacker can even gain access.
Access is obtained due to no restrictions on the storage of the compromised device and hackers get all the data stored on a hard disk that could compromise the lives of many people, that is why the work to solve the problem.
To exploit the vulnerability, some simple processes are used where the attacker simply sends a curl command that references the path of the target file. After that, the specialists emphasize that you must know the exact location of the file to which it is pointed and, if not, you can simply copy all the files inside the memory and delete them in its entirety with a simple movement.
It is a very serious flaw and the experts are looking for the best way to solve problems.
The experts developed a proof of concept (nicknamed DUMPit!) with which they managed to download about 3000 different files (about 2 GB of information) in less than 8 minutes and thus made sure that the attackers had easy access to the data of the users, it was a test where good results were achieved to solve the problem.
This is how these problems have managed to create complete chaos within the user base of the ShareIt application. Experts are already solving most of the problems currently and a solution is expected to arrive in the coming days.