Apple and Samsung devices' two detailed flaws were exposed by researchers. The said vulnerability is affecting millions of Android, Apple and iOS users.
The first mentioned flaw is zero-day bug in iOS and OS X. It allows stealing the keychain, Apple's password and management system. It then enables an app approved to gain access to other apps sensitive data. This was revealed in a written research and academic paper made from Peking University, Indiana University and the Georgia University.
According to KrebsonSecurity, researchers found out that the inter-app interaction services, including the keychain, can be exploited to steal confidential information like passwords for iCloud, email, bank and the secret token of Evernote.
The researchers tested the findings by circumventing the restrictive checks of the Apple store, and this attack apps made was approved the App store, exposing 88 percent of the apps.
Another flaw is the Samsung keyboard, Swiftkey, which is available on more than 600 million Samsung devices including the newly released Galaxy S6. This keyboard app allows hackers to remotely access resources like camera, GPS and microphone.
This vulnerability comes with an app called Swift keyboard, which according to researcher Ryan Welton runs on a privileged account on Samsung devices.
The hackers take control when the user is connected to a wireless or hotspot local network. They gain access to execute the code by abusing the behavior of certain APIs. This attack is completely silent, highly reliable and affects all devices, blackhat reported.
Both Samsung and Apple are aware of these flaws. Both take emerging security threats very seriously and suggested to never allow any apps from the unknown developer.