What is Apple doing to address the cross app resource access (XARA) issue?

Question

WEB2012 Author

Level 1

8 points

What is Apple doing to address the cross app resource access (XARA) issue?

Articles mention Apple has known about the zero-day security flaw in iOS and OS X which could lead to password theft for 9 months? Any progress to report? Any update? Any guidance as to how we can secure our apple products? Have currently disabled all app updates across my families apple devices, having them not reboot their devices and no downloads from the Apple Store. Would appreciate hearing from Apple as to their plan moving forward. Thx WEB (Src doc - http://www.intego.com/mac-security-blog/serious-zero-day-security-flaw-ios-osx-p assword-theft/?utm_source=Cluley&utm_campaign=2c2e21dc5a-Graham_Cluley&utm_mediu m=email&utm_term=0_8106850f4a-2c2e21dc5a-62389033)

Mac Pro, OS X Yosemite (10.10.3), 2- MacPros; 3-iPads; 4 iPhones

Posted on Jun 19, 2015 7:06 AM

Reply

Answer 1

D.Cohen

Level 6

8,588 points

Jun 19, 2015 7:07 AM in response to WEB2012

We are not allowed to discus Apple plans and actions on this forum.

Reply

Answer 2

The hatter

Level 9

60,990 points

Jun 19, 2015 7:13 AM in response to WEB2012

There are plenty of sites, blogs devoted to security and people that follow security issues closely.

A good start http://www.zdnet.com/blog/security/

I just turn off Intego somewhat though back in OS 9 days I did support their products etc.

Reply

Answer 3

WEB2012 Author

Level 1

8 points

Jun 19, 2015 7:49 AM in response to D.Cohen

So where should apple consumers go to understand and receive information with respect to this security issue? Surely not ZDNet like The Hatter is suggesting. Thanks D. Cohen for your reply and I look forward to hearing where/whom I should contact regarding the issue.

Reply

Answer 4

willp1

Level 1

121 points

Jun 19, 2015 8:20 AM in response to WEB2012

Go to for the right information. https://isc.sans.edu/index.html

These are real security people.

Will

Reply

Answer 5

WEB2012 Author

Level 1

8 points

Jun 19, 2015 8:26 AM in response to willp1

Thanks willp1.

Reply

Answer 6

The hatter

Level 9

60,990 points

Jun 19, 2015 9:22 AM in response to WEB2012

Lot of reasons not to always trust any news source but I think you should have a good reason. ZDnet is more trustworthy than Intego, or maybe even NY Times perhaps?

Dig into the subject and some dark web rabbit holes lately?

Reply

Answer 7

willp1

Level 1

121 points

Jun 19, 2015 9:33 AM in response to The hatter

Hatter that is not news source.

Reply

Answer 8

Klaus1

Level 9

52,749 points

Jun 19, 2015 4:09 PM in response to WEB2012

Keep up to date with this source:

http://www.thesafemac.com/multiple-vulnerabilities-found-in-mac-os-x/

Reply

Answer 9

WEB2012 Author

Level 1

8 points

Jun 19, 2015 6:22 PM in response to Klaus1

Thank you Klaus. The article was concise and pretty straightforward (given the number and complexity of the issues). Hopefully Apple will have some good news for we users in the near future because (at the moment) many of us are very nervous. Thanks again -Walt

Reply

Answer 10

Jun 19, 2015 6:36 PM in response to WEB2012

<http://appleinsider.com/articles/15/06/19/apple-addresses-xara-vulnerabilities-s ays-fixes-on-the-way>

Reply

Answer 11

WEB2012 Author

Level 1

8 points

Jun 19, 2015 7:04 PM in response to Malcolm J. Rayfield

Outstanding! Thanks Malcolm for the news update and thanks Apple for working to keep us secure 🙂

Reply