A group of university researchers have released a paper detailing an active vulnerability in Mac OS X and iOS devices. Malicious applications may be able to gain unauthorized access to passwords stored in other applications, including the Keychain password manager. Apple has not yet released a fix for this vulnerability.

Until a patch is available, UMass Amherst IT recommends UMass Amherst students, faculty and staff:

• Delete store passwords in password managers (e.g., Keychain, LastPass) and web browsers.
  • Reset your Keychain in Mac OS X
  • To delete saved passwords on Safari iOS, go to Settings>Safari>Passwords and Autofill>Saved Passwords. In Passwords, select Edit. Select each saved password and press Delete.
• Do not save passwords on Mac OS X and iOS devices until a patch is released.
• Do not download unfamiliar software or applications.

Questions? Contact the UMass Amherst IT Help Center.