The research in this paper leads to the discovery of a series of high-impact security weaknesses, which enable a sandboxed malicious app, approved by the Apple Store, to gain unauthorized access to other apps’ sensitive data. More specifically, the researchers found that the inter-app interaction services, including the keychain and WebSocket on OS X and URL Scheme on OS X and iOS, can all be exploited by the malware to steal such confidential information as the passwords for iCloud, email and bank, and the secret token of Evernote.
You can download it from the following link: https://packetstormsecurity.com/files/download/132343/apple-cross-app-report.pdf
Source: https://packetstormsecurity.com/files/132343/Unauthorized-Cross-App-Resource-Access-On-Mac-OS-X-And-iOS.html