Cybersecurity researchers have warned about a new flaw called 'Masque Attack' that leaves Apple's iOS operating system vulnerable to cyber attacks by hackers seeking access to sensitive data and control of their devices.
Security research firm FireEye has published details about the vulnerability, and stated that the security flaw enables hackers to access iOS devices by persuading users to install malicious applications with infected text messages, web links and emails. The malware can be used by hackers to replace trusted apps installed through Apple's App Store like banking and email programs, with malicious software.
FireEye stated, “Masque Attacks can replace authentic apps, such as banking and email apps, using attacker’s malware through the Internet. That means the attacker can steal user’s banking credentials by replacing an authentic banking app with an malware that has identical UI. Surprisingly, the malware can even access the original app’s local data, which wasn’t removed when the original app was replaced. These data may contain cached emails, or even login-tokens which the malware can use to log into the user’s account directly.”
Cybersecurity experts urge users to avoid installing apps outside of the Apple's official app store as a precautionary measure. Users should also uninstall any apps if iOS shows an alert with “Untrusted App Developer”.
FireEye says that the security flaw poses a much bigger threat than WireLurker malware discovered earlier this month. The malware started in China from a 3rd party app store- Maiyadi, which loads apps into iOS via Mac OS and affected thousands of devices.
Source: 9to5 Mac