New iOS 8 Attacks: Masque Attack Vulnerability Found

iOS vulnerabilities list is getting longer these days as iPhone and iPad become more popular among customers. The latest iOS Masque attack can actually harm users as it allows attackers to get your personal data by replacing official legit applications with malicious programs.
A couple of years ago iOS attacks were mostly dangerous to jailbroken iDevice users. Now everything changes with iOS malicious apps becoming improved and being able to self-install even on gadgets that are not jailbroken.

You can check if your iPhone is not affected by any possible virus.

masque-attack-in-action-ios-7-8

According to researchers who have discovered the Masque Attack vulnerability, it can work on different versions of Apple mobile firmware, including iOS 7.1.1 and up to iOS 8.1.1 beta 1. Even the latest beta allows the vulnerability to work and replace your legitimate programs with malicious applications that steal user’s information.

Masque Attack was discovered by FireEye company and it states that the dangerous bug is capable of accessing your iPhone or iPad via the malevolent program that replaces the genuine applications you install from the App Store on your iDevice. The malicious app can install itself via Wi-Fi network or USA cable if you use third-party programs. Sticking to Safari Apple’s app is most likely safely for now because preinstalled programs can’t be replaced by the malicious application.

masque-attack-ios-vulnerability

The bug exists because of the bundle identifiers that are the same for different applications. If iOS enforces matching certificates this will be gone and attackers won’t be able to possibly steal your email, passwords, phone number and other personal data.