[Openid-specs-native-apps] Unauthorized Cross-App Resource Access on MAC OS X and iOS
Nat Sakimura
sakimura at gmail.com
Thu Jun 18 13:51:42 UTC 2015
Just went through it.
For iOS, it is just talking about scheme impersonation, which is not new at
all for us.
For OS X, it found keychain vulnerability for OS (OS Bug), BundleID
impersonation (App Store process bug), and improper app authentication when
using web socket for many apps including 1password (application bug).
Nat
2015-06-18 20:58 GMT+09:00 Nat Sakimura <sakimura at gmail.com>:
> We probably want to look at this.
>
> https://drive.google.com/file/d/0BxxXk1d3yyuZOFlsdkNMSGswSGs/view
>
> --
> Nat Sakimura (=nat)
> Chairman, OpenID Foundation
> http://nat.sakimura.org/
> @_nat_en
>
--
Nat Sakimura (=nat)
Chairman, OpenID Foundation
http://nat.sakimura.org/
@_nat_en
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.openid.net/pipermail/openid-specs-native-apps/attachments/20150618/58e57d4e/attachment.html>
More information about the Openid-specs-native-apps
mailing list