Threat Category: Authentication: User or Device to Remote Service
Threat Description: Vulnerabilities in applications may allow attackers to steal credentials from a device either remotely or with physical access.
Mobile Top 10 2016 [1]
Serious OS X and iOS Flaws Let Hackers Steal Keychain, 1Password Contents [2]
When creating files, named sockets, or similar resources whose names are statically defined (i.e., predictable by an attacker), verify that the resource does not already exist. If it does, cease execution and exit the app with an error that prompts the user to take action.
Enterprise
Use app-vetting tools or services to identify malicious apps that exploit cross-application resource attacks.
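The developer countermeasure above (verify that a predictably named file or named socket does not already exist, and stop if it does), shown as an added C example that is not part of the original catalogue entry. It assumes a POSIX system; the function names and the /tmp path are hypothetical.

```c
#include <errno.h>
#include <fcntl.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <sys/stat.h>
#include <sys/un.h>
#include <unistd.h>

/* Create a file at a predictable path only if nothing is there yet.
 * O_CREAT|O_EXCL makes the existence check and the creation one atomic
 * step, so there is no window between "does it exist?" and "create it".
 * A file or symlink already at the path makes open() fail with EEXIST. */
int create_exclusive_file(const char *path)
{
    return open(path, O_WRONLY | O_CREAT | O_EXCL, 0600);
}

/* Bind a named (Unix domain) socket only if the name is unused. bind()
 * fails with EADDRINUSE when the path already exists. The code does not
 * unlink() and retry, because the entry may have been made by another app. */
int bind_exclusive_socket(const char *path)
{
    struct sockaddr_un addr;
    if (strlen(path) >= sizeof(addr.sun_path)) { errno = ENAMETOOLONG; return -1; }
    memset(&addr, 0, sizeof(addr));
    addr.sun_family = AF_UNIX;
    strcpy(addr.sun_path, path);

    int fd = socket(AF_UNIX, SOCK_STREAM, 0);
    if (fd < 0) return -1;
    if (bind(fd, (struct sockaddr *)&addr, sizeof(addr)) < 0) {
        int saved = errno;          /* keep bind()'s error across close() */
        close(fd);
        errno = saved;
        return -1;
    }
    return fd;
}

int main(void)
{
    const char *path = "/tmp/example-app.state";  /* constructed sample path */
    int fd = create_exclusive_file(path);
    if (fd < 0) {   /* resource already present: report and cease execution */
        fprintf(stderr, "%s: %s; refusing to continue\n", path, strerror(errno));
        return 1;
    }
    close(fd);
    unlink(path);
    return 0;
}
```

Checking with a separate stat() or access() call before creating the resource leaves a gap in which another process can create it first; the exclusive-create flags and the bind() error close that gap.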
[1] Mobile Top 10 2016, Mar. 2016; www.owasp.org/index.php/Mobile_Top_10_2016-Top_10 [accessed 8/23/2016]
[2] D. Goodin, “Serious OS X and iOS Flaws Let Hackers Steal Keychain, 1Password Contents”, Ars Technica, 17 June 2015; http://arstechnica.com/security/2015/06/serious-os-x-and-ios-flaws-let-hackers-steal-keychain-1password-contents/ [accessed 8/25/2016]