Breaking News

DJI Agras T100, T70P and T25P Launches Globally Sony Introduces the RX1R III Razer Introduces Next-Generation Connectivity and Performance with New Thunderbolt 5 Dock and Core X V2 Transcend's New ESD420 Portable SSD Offers MagSafe Compatibility and Pro-Level Performance G.SKILL Trident Z5 DDR5 Memory and WigiDash Receives European Hardware Awards 2025

logo

  • Share Us
    • Facebook
    • Twitter
  • Home
  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map

Search form

Researchers Identify New iOS Vulnerability

Researchers Identify New iOS Vulnerability

Smartphones Nov 10,2014 0

Researchers with cybersecurity firm FireEye said on Monday that they have uncovered a bug in Apple's iOS operating system that makes devices vulnerable to remote cyberattacks. Dubbed "Masque Attack", the vulnerability allows the attacker to use malware and replace authentic iOS apps, such as banking and email apps, installed on a device. That means the attacker could steal user's banking credentials by replacing an authentic banking app with an malware that has identical UI.

FireEye's researchers claim that the malware could even access the original app's local data, which wasn't removed when the original app was replaced. These data may contain cached emails, or even login-tokens which the malware could use to log into the user's account directly.

All apps can be replaced except iOS preinstalled apps, such as Mobile Safari. This vulnerability exists because iOS doesn't enforce matching certificates for apps with the same bundle identifier.

"The vulnerability exists because iOS doesn't enforce matching certificates for apps with the same bundle identifier," the researchers explained.

They verified this vulnerability on iOS 7.1.1, 7.1.2, 8.0, 8.1 and 8.1.1 beta, for both jailbroken and non-jailbroken devices. An attacker could also leverage this vulnerability both through wireless networks and USB.

FireEye mobile security researchers have discovered the iOS vulnerability earlier this summer have already notified Apple about it.

Recently Claud Xiao discovered the "WireLurker" malware, which also started to utilize a limited form of Masque Attacks to attack iOS devices through USB, FireEye said.

iOS users can protect themselves from Masque Attacks by not installing apps from third-party sources other than Apple's official App Store or the users' own organizations. They should also never click "Install" on any pop-ups from third-party web pages, and uninstall any possible app that shows an iOS alert with "Untrusted App Developer" upon opening.

Tags: Virus
Previous Post
Firefox Anniversary Edition Adds More Privacy Features
Next Post
Obama Outlines Plan for a Free and Open Internet

Related Posts

  • Samsung Laptop Full of Notorious Malware Is On Sale For $1.2M

  • Cisco Identifies Virus That Kills Off PCs

  • Researchers Identify iOS Espionage App

  • Dropbox, WordPress Used To Spread Malware

  • Microsoft Says Viruses Are Back On The Rise

  • First Targeted Attack Utilising Malware for Android Devices Reported

  • Cyber Attack Targets Nato, Government Websites

  • Stuxnet Roots Found Back in 2005

Latest News

DJI Agras T100, T70P and T25P Launches Globally
Drones

DJI Agras T100, T70P and T25P Launches Globally

Sony Introduces the RX1R III
Cameras

Sony Introduces the RX1R III

Razer Introduces Next-Generation Connectivity and Performance with New Thunderbolt 5 Dock and Core X V2
Gaming

Razer Introduces Next-Generation Connectivity and Performance with New Thunderbolt 5 Dock and Core X V2

Transcend's New ESD420 Portable SSD Offers MagSafe Compatibility and Pro-Level Performance
PC components

Transcend's New ESD420 Portable SSD Offers MagSafe Compatibility and Pro-Level Performance

G.SKILL Trident Z5 DDR5 Memory and WigiDash Receives European Hardware Awards 2025
Enterprise & IT

G.SKILL Trident Z5 DDR5 Memory and WigiDash Receives European Hardware Awards 2025

Popular Reviews

be quiet! Light Loop 360mm

be quiet! Light Loop 360mm

be quiet! Dark Mount Keyboard

be quiet! Dark Mount Keyboard

be quiet! Light Mount Keyboard

be quiet! Light Mount Keyboard

Noctua NH-D15 G2

Noctua NH-D15 G2

Soundpeats Pop Clip

Soundpeats Pop Clip

be quiet! Light Base 600 LX

be quiet! Light Base 600 LX

Crucial T705 2TB NVME White

Crucial T705 2TB NVME White

be quiet! Pure Base 501

be quiet! Pure Base 501

Main menu

  • Home
  • News
  • Reviews
  • Essays
  • Forum
  • Legacy
  • About
    • Submit News

    • Contact Us
    • Privacy

    • Promotion
    • Advertise

    • RSS Feed
    • Site Map
  • About
  • Privacy
  • Contact Us
  • Promotional Opportunities @ CdrInfo.com
  • Advertise on out site
  • Submit your News to our site
  • RSS Feed