Click to Skip Ad
Closing in...
  1. Best Kitchen Gadgets
    08:33 Deals

    Amazon shoppers are obsessed with this $23 gadget that should be in every kitchen

  2. Prime Day Deals
    07:58 Deals

    Amazon has 10 new early Prime Day deals you need to see to believe

  3. Best Selling Tools On Amazon
    15:16 Deals

    5 brilliant Amazon tool sets that’ll replace all the old junk in your toolbox

  4. Amazon Echo Auto Price
    09:43 Deals

    Amazon’s $50 Echo Auto adds Alexa to your car – today it’s only $15

  5. Prime Day 2021 Deals
    11:28 Deals

    5 best Prime Day deals you can already get today

Huge new security flaw found in iOS 8 poses a major threat to users

Zach Epstein
November 10th, 2014 at 2:00 PM
iOS 8 Security Flaw

Researchers at California-based cybersecurity firm FireEye have detailed what they claim to be a major new security vulnerability that has been found in Apple’s iOS 8 software. The security flaw, which they have dubbed “Masque Attack,” reportedly allows an attacker to replace authentic apps on a target’s iPhone or iPad with a similar app with the same appearance. Any data then entered into the app can be obtained by the hacker.

For example, an app that mirrors the look of a banking app on the user’s phone can be installed, and then the target’s username and password can be stolen when he or she tries to enter them in the malicious app.

DON’T MISS: 10 cases that will protect your iPhone 6 without ruining Apple’s gorgeous design

“Masque Attacks can replace authentic apps, such as banking and email apps, using attacker’s malware through the Internet,” FireEye’s Hui Xue, Tao Wei and Yulong Zhang wrote in a blog post on Monday. “That means the attacker can steal user’s banking credentials by replacing an authentic banking app with an malware that has identical UI.”

They continued, “Surprisingly, the malware can even access the original app’s local data, which wasn’t removed when the original app was replaced. These data may contain cached emails, or even login-tokens which the malware can use to log into the user’s account directly.”

The news comes just days after Apple fixed a recent issue that left its iOS and OS X-powered devices susceptible to an attack from malware called WireLurker.

FireEye says that the vulnerability affects all versions of iOS from iOS 7.1.1 through the latest public version of Apple’s mobile software, iOS 8.1. Also of note, the issue still affects iOS 8.1.1 beta, which is currently being tested by developers ahead of its public release.

Zach Epstein

Zach Epstein has worked in and around ICT for more than 15 years, first in marketing and business development with two private telcos, then as a writer and editor covering business news, consumer electronics and telecommunications. Zach’s work has been quoted by countless top news publications in the US and around the world. He was also recently named one of the world's top-10 “power mobile influencers” by Forbes, as well as one of Inc. Magazine's top-30 Internet of Things experts.

Popular News