The popularity of iPhones and iPads has made Apple the target of increasing malicious attacks by various groups. Although Apple often headlines the security of its iOS as one of its defining features, security firms have shown Apple's platforms are not that secure.
Researchers at FireEye security firm discovered the latest attack launched at Apple users. Dubbed as Masque Attack, the bug works by asking users to install a third-party app that will replace the genuine app without them knowing it is actually a fake app. It usually appears as a pop-up window asking users if they want to install a new app with a deceiving name, such as "The New Flappy Bird" or as emails or text messages containing a link to download the malware.
Masque Attack exploits Apple's enterprise/ad hoc provisioning system, where users can install third-party apps outside of the App Store straight from the developer's website themselves. Most users know this is possible, but it is a common way to install third-party apps for special purposes such as beta testing. The problem is iOS does not check if the security certificates for apps with the same bundle identifier are the same. That means any third-party app with a matching bundle identifier can be installed over any legitimate app.
Even worse, Masque Attack keeps the original data from the legitimate apps, which is troublesome for apps that contain private and sensitive information, such as email, messaging and banking apps.
FireEye says it has informed Apple of its discovery on July 26, but Apple has yet to make a statement about it. The vulnerability is found in all the latest versions of iOS, including iOS 8.1.1 beta, iOS 8.1, iOS 8.0, iOS 7.1.2 and iOS 7.1.1, accounting for approximately 95 percent of all iOS users. However, the good news is that while an overwhelming majority of all people who have iPhones are vulnerable, a Masque Attack cannot happen if users do not provide permission to download the malware.
"We have seen proofs that this issue started to circulate," says FireEye in a blog post detailing the vulnerability. "In this situation, we consider it urgent to let the public know, since there could be existing attacks that haven't been found by security vendors."
The proof the security firm is referring to is the emergence of Wirelurker, a malware family discovered by Palo Alto Networks' Claud Xiao and affecting Chinese iPhone owners. Wirelurker works by installing malicious apps through Chinese third-party app store Maiyadi. When the infected app is connected via USB to other Apple devices, it jumps through the wires and contaminates the other devices as well. FireEye says Wirelurker is using a limited form of Masque Attacks to infect iPhones and iPads.
In its statement regarding Wirelurker, Apple advises users not to download apps from sources other than the App Store.
"As always, we recommend that users download and install software from trusted sources," Apple said.
