Categories: CyberCrimeSecurity

Hackers Are Now Demolishing, Breaking and Hijacking Apple’s iOS

Security firm FireEye has disclosed details of two new ways in which hackers can secretly switch your legitimate iOS apps with dangerous, fake ones.

Apple has patched numerous vulnerabilities in its recent release of iOS 8.4, including flaws that allow attackers to deploy these new kinds of attacks.

Malicious apps

These specific types of attacks are dubbed Masque Attacks by FireEye – attacks that allow malicious apps to replace existing, legitimate ones on an iOS device via SMS, email, or web browsing.

The new Masque Attacks are being called Manifest Masque and Extension Masque.

Manifest Masque gives an attacker the ability to replace the built-in apps on iOS (such as Apple Pay, Apple Watch, FaceTime) as well as App Store apps. Extension Masque, which allows for attackers to gain access to the data of other app which are containerised for security.

In a recent blog, FireEye has also disclosed the details of a previously fixed, but undisclosed, masque vulnerability: Plugin Masque, which bypasses iOS entitlement enforcement and hijacks VPN traffic.

An investigation conducted by FireEye has found that around one third of iOS devices still have not updated to versions 8.1.3 or above, even 5 months after the release of 8.1.3, and these devices are still vulnerable to all the Masque Attacks. To date, FireEye has disclosed details of five kinds of Masque Attacks.

FireEye’s blog stated: “Although Apple has fixed or partially fixed the original Masque Attack on iOS 8.1.3, there are still other attack surfaces to exploit vulnerabilities in the installation process on iOS.

It added: “Moreover, around one third of iOS devices that we monitored are still vulnerable to all the Masque Attacks because they have not been upgraded. We suggest that all iOS users keep their devices up-to-date.”

How much do you know about mobile apps? Take our quiz!

Duncan Macrae

Duncan MacRae is former editor and now a contributor to TechWeekEurope. He previously edited Computer Business Review's print/digital magazines and CBR Online, as well as Arabian Computer News in the UAE.

Recent Posts

X’s Community Notes Fails To Stem US Election Misinformation – Report

Hate speech non-profit that defeated Elon Musk's lawsuit, warns X's Community Notes is failing to…

1 day ago

Google Fined More Than World’s GDP By Russia

Good luck. Russia demands Google pay a fine worth more than the world's total GDP,…

1 day ago

Spotify, Paramount Sign Up To Use Google Cloud ARM Chips

Google Cloud signs up Spotify, Paramount Global as early customers of its first ARM-based cloud…

2 days ago

Meta Warns Of Accelerating AI Infrastructure Costs

Facebook parent Meta warns of 'significant acceleration' in expenditures on AI infrastructure as revenue, profits…

2 days ago

AI Helps Boost Microsoft Cloud Revenues By 33 Percent

Microsoft says Azure cloud revenues up 33 percent for September quarter as capital expenditures surge…

2 days ago