Search Google Appliance

Information Technology

Vulnerability in Mac OS X and iOS Devices Could Allow Unauthorized Access to Stored Passwords

June 26, 2015

A group of university researchers have released a paper detailing an active vulnerability in Mac OS X and iOS devices. Malicious applications may be able to gain unauthorized access to passwords stored in other applications, including the Keychain password manager. Apple has not yet released a fix for this vulnerability.

Until a patch is available, UMass Amherst IT recommends UMass Amherst students, faculty and staff:

  • Delete store passwords in password managers (e.g., Keychain, LastPass) and web browsers.
    • Reset your Keychain in Mac OS X
    • To delete saved passwords on Safari iOS, go to Settings>Safari>Passwords and Autofill>Saved Passwords. In Passwords, select Edit. Select each saved password and press Delete.
  • Do not save passwords on Mac OS X and iOS devices until a patch is released.
  • Do not download unfamiliar software or applications.

Questions? Contact the UMass Amherst IT Help Center.