|
|
|
|
|
|
by valisystem
4501 days ago
|
|
|
It seems that the only real issue is that it circumvents keychain, that would normally prompt before giving any protected value to unknown code (not signed or already prompted). So a plugin can access to protected data that iTune can fetch from keychain silently. I don't know if there is other ways to achieve that with local attacks, but it looks like a middle of the road issue. Quite serious, but also requires the target system to be already compromised. |
|
|