Hackers Are Now Demolishing, Breaking and Hijacking Apple’s iOS

Security firm FireEye has disclosed details of two new ways in which hackers can secretly switch your legitimate iOS apps with dangerous, fake ones.

Apple has patched numerous vulnerabilities in its recent release of iOS 8.4, including flaws that allow attackers to deploy these new kinds of attacks.

Malicious apps

These specific types of attacks are dubbed Masque Attacks by FireEye – attacks that allow malicious apps to replace existing, legitimate ones on an iOS device via SMS, email, or web browsing.

The new Masque Attacks are being called Manifest Masque and Extension Masque.

Manifest Masque gives an attacker the ability to replace the built-in apps on iOS (such as Apple Pay, Apple Watch, FaceTime) as well as App Store apps. Extension Masque, which allows for attackers to gain access to the data of other app which are containerised for security.

In a recent blog, FireEye has also disclosed the details of a previously fixed, but undisclosed, masque vulnerability: Plugin Masque, which bypasses iOS entitlement enforcement and hijacks VPN traffic.

An investigation conducted by FireEye has found that around one third of iOS devices still have not updated to versions 8.1.3 or above, even 5 months after the release of 8.1.3, and these devices are still vulnerable to all the Masque Attacks. To date, FireEye has disclosed details of five kinds of Masque Attacks.

FireEye’s blog stated: “Although Apple has fixed or partially fixed the original Masque Attack on iOS 8.1.3, there are still other attack surfaces to exploit vulnerabilities in the installation process on iOS.

It added: “Moreover, around one third of iOS devices that we monitored are still vulnerable to all the Masque Attacks because they have not been upgraded. We suggest that all iOS users keep their devices up-to-date.”

How much do you know about mobile apps? Take our quiz!