According to researchers, the iOS operating system of Apple Inc. contains a bug that makes its devices, including the iPhones, iPads and iPods vulnerable to cyber-attacks performed by hackers who are in search of confidential information and sensitive data and wish to gain control of the devices. FireEye Inc., a cybersecurity firm, published details about the iOS’s vulnerability in their blog this week. As per their statement, the bug allows hackers to gain access to devices by convincing users to install malicious applications, which comprise of tainted emails, messages and Web links.
The bug has the ability of replacing trusted and genuine apps that were downloaded from the App Store of Apple with the malicious application and this includes banking programs and emails. They use malicious software for accomplishing this task and the security firm gave the software the name of Masque Attack. Email and banking login credentials can be stolen through these attacks, along with other sensitive data. This information has been provided by FireEye and the firm is recognized and respected in cybersecurity circles because of its research. Tao Wei, the senior staff research scientist of Fire Eye, said that this vulnerability is immensely powerful and can be exploited with ease.
There are robust security features installed in Apple’s iOS and it definitely isn’t easy for hackers to install malware on devices by making use of traditional techniques that are used for infecting Android mobile devices and Windows machines including malicious web links and emails. Instead, malware installation is enabled by the Masque Attack by exploitation of a system that was primarily developed by the American technology giant for large organizations. The system allowed these organizations to implement custom-built software without having to visit the App Store of the company. This information was provided by the iOS product manager at Lookout, a security firm, called David Richardson.
Apple doesn’t vet these applications for malware as opposed to the applications that are available in the App Store. However, pop-up notifications are indeed issued to the users for questioning them whether they want to prevent the installation of the apps or not. Users can simply opt for ‘Don’t install’ and they will remain safe from the dangers posed by this vulnerability. It was in July that the iPhone maker had been informed about this vulnerability by FireEye and the company’s representatives said that they were actively working on finding a way to deal with this bug.
The company itself did not provide any information about this latest bug. It was In October that news about the vulnerability had started to spread on specialized web forums where hackers and security experts discuss information pertaining to various Apple bugs. Mr. Wei said that his security firm had decided to disclose the information to the public only after the uncovering of WireLurker last week, which had been made by Palo Alto Networks Inc. This was the first campaign conducted for taking advantage of the vulnerability that has been dubbed as Masque Attack. This is the only campaign, but there are likely to be more in the future.