Masque Attack: U.S. cybersecurity agencies warn iOS users about bugs
After the public became aware of the vulnerability in Apple's latest iOS software, the U.S. government released a statement to warn all iPhone, iPad and iPod Touch users to avoid being victims of identity theft.
The online bulletin released by the National Cybersecurity and Communications Integration Center, as well as the U.S. Computer Emergency Readiness Teams, stated that hackers may be able to exploit the vulnerability found in Apple's mobile operating system using the so-called "Masque Attack" bug.
Recently, the cybersecurity firm FireEye Inc. warned the public about the said bug, which they have discovered on July 26. The firm also reported that hackers already tried to take advantage of the vulnerability by launching the "WireLurker" technique.
"This technique takes advantage of a security weakness that allows an untrusted app — with the same 'bundle identifier' as that of a legitimate app — to replace the legitimate app on an affected device, while keeping all of the user's data," the warning states. "This vulnerability exists because iOS does not enforce matching certificates for apps with the same bundle identifier."
The warning also said that there is a possibility that more attacks could be launched soon.
Hackers may have access to users' personal accounts to get their login details as well as sensitive information stored on Apple devices, including bank accounts and such.
These attacks can be easily avoided if the iOS users will only get apps directly from the Apple Store or from an authorized organization.
Also, users are advised by the bulletin not to click on the "Install" tabs from pop-ups while surfing online. Once the iOS issues a warning sign that states "Untrusted App Developer," the users should click on the "Don't Trust" option and uninstall the questionable app immediately.
The Apple devices running the iOS 7.1.1, 7.1.2, 8.0, 8.1, and 8.1.1 beta versions could possibly be affected by the said vulnerability.
Apple Inc.'s reps have not released a statement about the Masque Attack bug as of the moment.
