After the discovery of malware "WireLurker" we heard from another vulnerability in iOS which was named as "Masque Attack", which the United States government has issued a warning.
They have issued a bulletin warning of the potential danger. This vulnerability was discovered by Cyber security company FireEye last Monday, November 10th.
Last Thursday, November 13, the government of the United States issued a bulletin to the users of iPads and iPhones, in this, they are warned of "Masque Attack", which is defined as a method that third parties allows the introduction of Malicious applications replacing the original on your iOS device with this malicious software can get information from affected users.
The newsletter has been published by the National Communications Integration Center and Cyber Security, the bulletin notes that malicious applications can be installed via a link, try to persuade the user to install the application from another source.
The United States Government outlined in the newsletter what this malware is able to :
An installed application on an iOS device using this technique they can:
- Representing the home interface of the original application to steal user data and password.
- Access to sensitive data in the local data cache.
- To follow up to the user device.
- Get root privileges on iOS devices.
- Being fully camouflaged, unable to distinguish it from the original apps.
Users are advised not to download apps from unofficial sources or they are not trusted, they must also avoid any link to "download" an application that appears on a website you visit.
Apple was tipped around this problem by FireEye, but it seems that the solutions are not included in iOS 8.1.1 , the versions are vulnerable, iOS 8.1, iOS 8.0, iOS 7.1.2 and iOS 7.1.1.
We face two attacks in a short period of time, Apple should start worrying more about safety and try to reduce potential threats, but as I always say if you download applications only from known sources and trusted sites the chances of introducing malware into your device are small.
Publicar un comentario