CHINA TOPIX

12/22/2024 05:45:42 pm

Make CT Your Homepage

New iOS "Masque Attack" Security Vulnerability Found

iPhone

(Photo : Reuters) iPhones were a big hit on Black Friday.

In the past month there have been quite a few vulnerabilities brought up on OS X and iOS, and now there is the newest malware bugknown as Masque Attack.

Like Us on Facebook

Spotted by FireEye Mobile earlier today, Masque Attack works by sending a phishing SMS message to the user with a link included. If the user clicks the link, they will be prompted to download a certain app, but instead of downloading the app, the malware bug will recreate an official app and masquerade as it.

In a demo of the findings, FireEye Mobile showed how an SMS linking to a "Flappy Bird" download allows the Masque Attack to intercept the Gmail app. Hackers could use this to take all sorts of information from vulnerable apps on iOS.

However, even with the potential damage Masque Attack could achieve, there have not yet been any reports of this affecting people. Fortunately, many users would not click a third-party link on an SMS message, and then press download from a third-party website.

Masque Attack can target users on iOS 7.1 to iOS 8.1 - Apple currently has not commented on the new hack. Not being able to download third party apps from the web browser seems like the obvious solution, or making sure users know the phone number is not recognized.

Users should always download from the official apps store. If their iPhone is "jailbroken," they should look toward reputable stores, which are known for having clean downloads. Apple has previously warned users on the potential problems of downloading from the web browser.

Unless hackers can find a way to gain access to iPhone phone numbers, this looks to be a smaller scale issue compared to WireLucker. The previous iOS, OS X issue affected 350,000 users, mostly in China, before being patched by Apple.

Real Time Analytics