The hack that exposed the passwords of over 100 million people worldwide has exposed the security vulnerabilities in the iOS mobile app.
In this hack, a group of hackers stole the login details for the iOS app from its developers, a breach that could have been used by hackers to gain access to sensitive personal data of millions of users.
“We’ve already started work to get the iOS login credentials back, but it’s possible that the hacker also stole the passwords for the Apple Pay, Apple Pay Plus, Apple Watch, and other devices that are connected to the account,” said an Apple spokesperson in a statement to Reuters.
A group of six hackers from Germany were able to gain an Apple password for an iPhone 6s Plus that was connected to a password-stealing account.
Apple said in a blog post that the hackers gained access to the device via an exploit in a flaw that’s been patched by Apple.
“Apple has confirmed that the vulnerability in the iPhone 6 and iPhone 6 Plus is fixed,” Apple wrote.
“If you have been affected by this issue, you can download and install the latest version of OS X from Apple’s website.”
The hacker group is said to have used a “remote code execution vulnerability” in Apple’s Mac operating system to gain remote code execution on the devices, according to an iOS researcher.
The group also used a vulnerability in iCloud to steal login details from iOS devices, and an exploit for a critical vulnerability in Safari that allowed the attackers to access private data.
The flaw in the Safari vulnerability allows the attacker to gain full control over a user’s device, even after they log out, according the researcher.
“This vulnerability means that Apple’s Safari is no longer secure.
All users of Safari can see and use the Safari login screen, but Safari is also not secure,” the researcher said.
The researcher, who has worked with Apple to patch the vulnerabilities, said he believed the iPhone security holes were being exploited to steal the login credentials.
“The hacker also used an exploit known as an XSS vulnerability to execute code on a Mac Mini,” he wrote.
“This allows the hacker to steal passwords and other data and has the potential to allow them to decrypt the login information on iOS devices.
The iOS password recovery is no better, as there is no way to recover the credentials from an iOS device.”
The iOS security holes, the researcher added, were also being exploited by criminals to gain entry to personal data.
Apple has released patches for Safari vulnerabilities that were found in the latest Mac OS X release.