Masque Attack: A Serious Flaw in iOS With Greater Threat Than WireLurker

Last week WireLurker malware was disclosed and Apple has indicated that they will fix this flaw in a new version of iOS, although WireLurker has become the past, but a new threat has emerged. Today the security research firm FireEye announced they have found a more dangerous security risk than WireLurker’s in iOS. This security flaw is Masque Attack, which had be confirmed existing in iOS as early as July this year, but not been patched in subsequent several updates.

FireEye said attacker will lure users to download some app or games with the behalf of some well-known apps – such as New Flappy Bird or Angry Bird Update. These apps look no different with the original work, but its interior has been completely controlled by attacker. If user has installed some bank or mail-related apps in iOS, which means the user’s bank and e-mail infos will easily be sent to attacker’s hand.

More surprising is that these fake apps can even access your local data, its risk is obviously serious over WireLurker. FireEye security officials said they had reported Masque Attack to the Apple early in July, this flaw affects both jailbroken and non-jailbroken devices running on iOS 7.1.1 – 8.1.1, but Apple never process it and no response.

FireEye emphasized the serious danger of Masque Attack in the report, the vulnerability could allow attacker to imitate the original app login page, to steal the user’s account and password, while also allow they to bypass sandbox to use some known vulnerabilities – including the jailbreak exploits used by pangu to gain root rights.

Here we suggest that iOS users do not install apps from third-party sources other than the official App Store, avoiding clicking on “install” popups in SMS messages or third-party websites, and avoiding apps / uninstalling apps that give an “Untrusted App Developer “alert.

iOS 7 users can check to see if they’ve been the victim of an attack by going to Settings –> General –> Profiles to see what provisioning profiles are installed. iOS 8 devices do not show installed provisioning profiles, making it more difficult to detect an attack.

Share This Story


You May Also Like

Leave a Reply

Your email address will not be published.

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <s> <strike> <strong>