Apple iOS bug makes iPhones, iPads vulnerable to Masque Attack

Most iPhones and iPads may be vulnerable to remote cyberattacks owing to a bug in Apple's iOS operating system, says internet security firm FireEye.

The "Masque Attack" allows hackers to replace one of the users' existing apps with malware, FireEye reported in a blog post.

• Read full blog post

The vulnerability affectsiOS 7.1.1., 7.1.2., 8.0, 8.1 and 8.1.1 beta.

A "limited form" of the Masque Attack was used in the recent "Wirelurker" attacks in China. The Wirelurker malware could installthird-party apps in regular, non-jailbroken iOS devices, then hop from infected devices to other Macs andiPhones through USB connector-cables.

• Apple devices hit by Wirelurkermalware in China

However, FireEye said, "Masque Attacks can pose much bigger threats than Wirelurker." For example, they could replace a user's banking and email apps with malware that sends banking and email data directly to the attackers.

FireEyesaidthat in order to attack, cybercriminals must give theirmalwarethe same identification string, called a bundle identifier, as an existing app. The iOS bug means that if it has the same bundle identifier as an existing app, iOS won't check its security certificate to determine if it came from a legitimate source.

FireEyenotified Apple of the bug on July 26.

The company says users can protect themselves by:

• Installing apps only fromApples official App Store or the users own organization and not from third-party app stores.
• Never installing an app from a third-party web page pop-up.
• Uninstalling any apps that show an alert with Untrusted App Developer when the user tries to open it.