Click to Skip Ad
Closing in...

Huge new security flaw found in iOS 8 poses a major threat to users

Published Nov 10th, 2014 2:00PM EST
iOS 8 Security Flaw
Image: Apple Inc.

If you buy through a BGR link, we may earn an affiliate commission, helping support our expert product labs.

Researchers at California-based cybersecurity firm FireEye have detailed what they claim to be a major new security vulnerability that has been found in Apple’s iOS 8 software. The security flaw, which they have dubbed “Masque Attack,” reportedly allows an attacker to replace authentic apps on a target’s iPhone or iPad with a similar app with the same appearance. Any data then entered into the app can be obtained by the hacker.

For example, an app that mirrors the look of a banking app on the user’s phone can be installed, and then the target’s username and password can be stolen when he or she tries to enter them in the malicious app.

DON’T MISS: 10 cases that will protect your iPhone 6 without ruining Apple’s gorgeous design

“Masque Attacks can replace authentic apps, such as banking and email apps, using attacker’s malware through the Internet,” FireEye’s Hui Xue, Tao Wei and Yulong Zhang wrote in a blog post on Monday. “That means the attacker can steal user’s banking credentials by replacing an authentic banking app with an malware that has identical UI.”

They continued, “Surprisingly, the malware can even access the original app’s local data, which wasn’t removed when the original app was replaced. These data may contain cached emails, or even login-tokens which the malware can use to log into the user’s account directly.”

The news comes just days after Apple fixed a recent issue that left its iOS and OS X-powered devices susceptible to an attack from malware called WireLurker.

FireEye says that the vulnerability affects all versions of iOS from iOS 7.1.1 through the latest public version of Apple’s mobile software, iOS 8.1. Also of note, the issue still affects iOS 8.1.1 beta, which is currently being tested by developers ahead of its public release.

Zach Epstein
Zach Epstein Executive Editor

Zach Epstein has been the Executive Editor at BGR for more than 15 years. He manages BGR’s editorial team and ensures that best practices are adhered to. He also oversees the Ecommerce team and directs the daily flow of all content. Zach first joined BGR in 2007 as a Staff Writer covering business, technology, and entertainment.

His work has been quoted by countless top news organizations, and he was recently named one of the world's top 10 “power mobile influencers” by Forbes. Prior to BGR, Zach worked as an executive in marketing and business development with two private telcos.