Masque Attack Security vulnerability allows to replace Legitimate Apps With Malware

0

Over the past seven days, the owners of iOS-devices might well feel users of Android. Security experts are sounding the alarm immediately about two serious vulnerabilities that Apple devices owner may face. If last week it was WireLurker, now, we are talking about a much more serious threat called Masque Attacks.

A new threat to the iOS gadgets found specialists FireEye. Masque Attacks masquerades as an application from App Store, deceptive ways to penetrate the device and giving hackers access to user data. In this malicious software is characterized by a large number of distribution methods, and does not account for the presence or absence of jailbreak.

118

For example, Masque Attacks can penetrate to the device via a wireless connection or via USB, but in any case, the decision to install malicious software takes the user. In particular, iOS-device can suddenly offer to update a particular application from App Store. In this case, instead of the normal version will be downloaded infected, which will allow access to the device attackers. Typical applications iOS Masque Attacks substitute can not.

112

In particular, we can get infected client Gmail or “word” infected attachment when trying to establish Flappy Bird. In other words, Masque Attacks installs malicious software instead of the normal, hiding this fact from the user. Vulnerability affects iOS 7.1.1, 7.1.2, 8.0, 8.1, and a beta version iOS 8.1.1. Thus FireEye notified of a vulnerability Apple still on July 26 but in Cupertino, apparently, still have not responded to this threat.

The only way to protect yourself from the installation of an infected application on your iPhone, iPad or iPod touch is the use of the App Store and a complete rejection of applications from unknown sources. In addition, users can check iOS 7, infected if their device. To do this, go to Settings -> General -> Profiles and check whether there are unknown profiles. In iOS 8 such verification method does not work. [via FireEye]

Follow us on Twitter, subscribe to our Facebook Page, find us on LinkedIn, circle us on Google+