Click to Skip Ad
Closing in...

Huge new security flaw found in iOS 8 poses a major threat to users

iOS 8 Security Flaw

Researchers at California-based cybersecurity firm FireEye have detailed what they claim to be a major new security vulnerability that has been found in Apple’s iOS 8 software. The security flaw, which they have dubbed “Masque Attack,” reportedly allows an attacker to replace authentic apps on a target’s iPhone or iPad with a similar app with the same appearance. Any data then entered into the app can be obtained by the hacker.

For example, an app that mirrors the look of a banking app on the user’s phone can be installed, and then the target’s username and password can be stolen when he or she tries to enter them in the malicious app.

DON’T MISS: 10 cases that will protect your iPhone 6 without ruining Apple’s gorgeous design

“Masque Attacks can replace authentic apps, such as banking and email apps, using attacker’s malware through the Internet,” FireEye’s Hui Xue, Tao Wei and Yulong Zhang wrote in a blog post on Monday. “That means the attacker can steal user’s banking credentials by replacing an authentic banking app with an malware that has identical UI.”

They continued, “Surprisingly, the malware can even access the original app’s local data, which wasn’t removed when the original app was replaced. These data may contain cached emails, or even login-tokens which the malware can use to log into the user’s account directly.”

The news comes just days after Apple fixed a recent issue that left its iOS and OS X-powered devices susceptible to an attack from malware called WireLurker.

FireEye says that the vulnerability affects all versions of iOS from iOS 7.1.1 through the latest public version of Apple’s mobile software, iOS 8.1. Also of note, the issue still affects iOS 8.1.1 beta, which is currently being tested by developers ahead of its public release.

Zach Epstein

Zach Epstein has worked in and around ICT for more than 15 years, first in marketing and business development with two private telcos, then as a writer and editor covering business news, consumer electronics and telecommunications. Zach’s work has been quoted by countless top news publications in the US and around the world. He was also recently named one of the world's top-10 “power mobile influencers” by Forbes, as well as one of Inc. Magazine's top-30 Internet of Things experts.

Popular News