Categories: CyberCrimeSecurity

Hackers Are Now Demolishing, Breaking and Hijacking Apple’s iOS

Security firm FireEye has disclosed details of two new ways in which hackers can secretly switch your legitimate iOS apps with dangerous, fake ones.

Apple has patched numerous vulnerabilities in its recent release of iOS 8.4, including flaws that allow attackers to deploy these new kinds of attacks.

Malicious apps

These specific types of attacks are dubbed Masque Attacks by FireEye – attacks that allow malicious apps to replace existing, legitimate ones on an iOS device via SMS, email, or web browsing.

The new Masque Attacks are being called Manifest Masque and Extension Masque.

Manifest Masque gives an attacker the ability to replace the built-in apps on iOS (such as Apple Pay, Apple Watch, FaceTime) as well as App Store apps. Extension Masque, which allows for attackers to gain access to the data of other app which are containerised for security.

In a recent blog, FireEye has also disclosed the details of a previously fixed, but undisclosed, masque vulnerability: Plugin Masque, which bypasses iOS entitlement enforcement and hijacks VPN traffic.

An investigation conducted by FireEye has found that around one third of iOS devices still have not updated to versions 8.1.3 or above, even 5 months after the release of 8.1.3, and these devices are still vulnerable to all the Masque Attacks. To date, FireEye has disclosed details of five kinds of Masque Attacks.

FireEye’s blog stated: “Although Apple has fixed or partially fixed the original Masque Attack on iOS 8.1.3, there are still other attack surfaces to exploit vulnerabilities in the installation process on iOS.

It added: “Moreover, around one third of iOS devices that we monitored are still vulnerable to all the Masque Attacks because they have not been upgraded. We suggest that all iOS users keep their devices up-to-date.”

How much do you know about mobile apps? Take our quiz!

Duncan Macrae

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.

Recent Posts

UK’s CMA Readies Cloud Sector “Behavioural” Remedies – Report

Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector

12 hours ago

Former Policy Boss At X Nick Pickles, Joins Sam Altman Venture

Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…

15 hours ago

Bitcoin Rises Above $96,000 Amid Trump Optimism

Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…

16 hours ago

FTX Co-Founder Gary Wang Spared Prison

Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…

17 hours ago