A group of university researchers have released a paper detailing an active vulnerability in Mac OS X and iOS devices. Malicious applications may be able to gain unauthorized access to passwords stored in other applications, including the Keychain password manager. Apple has not yet released a fix for this vulnerability.
Until a patch is available, UMass Amherst IT recommends UMass Amherst students, faculty and staff:
Delete store passwords in password managers (e.g., Keychain, LastPass) and web browsers.
- Reset your Keychain in Mac OS X
- To delete saved passwords on Safari iOS, go to Settings>Safari>Passwords and Autofill>Saved Passwords. In Passwords, select Edit. Select each saved password and press Delete.
- Do not save passwords on Mac OS X and iOS devices until a patch is released.
- Do not download unfamiliar software or applications.
Questions? Contact the UMass Amherst IT Help Center.