It seems like with all the recent assaults against Apple that they are becoming a huge target now, and it was not very long ago that if you mentioned malware or viruses to someone with an Apple, the reply would be that their systems were never attacked. Well watch out folks you are not as safe as you thought you were.
By Amy Thomson Nov 10, 2014
"Hackers are targeting devices that run Apple Inc. (AAPL) operating systems by creating fake programs that mimic real e-mail and game applications to steal a user’s information, cybersecurity company FireEye (FEYE) Inc. said.
FireEye is calling the trick a Masque Attack, the company said in a blog post today. It takes advantage of a flaw in Apple’s iOS 7 and 8 mobile software that lets hackers install fraudulent apps on devices through e-mail and text messages as long as the fake program has the same file name as the legitimate one.
Devices running Apple software, long considered safer from hackers than systems like Microsoft Corp.’s Windows and Google Inc.’s Android, have become more common targets. The Masque Attack technique is the same one used by WireLurker, malware discovered by security provider Palo Alto Networks Inc. that was designed to steal information from apps running on Apple’s operating systems for personal computers and mobile gadgets."
Full Article
Apple Devices Vulnerable to Hacker Attack That Mimics App Names
+54
+54By David Gilbert November 10, 2014 http://d.ibtimes.co.uk/en/full/1401633/iphone-6-review.jpg?w=720&h=444&l=50&t=40Security company Fire-Eye has uncovered a security flaw in iOS called Masque Attack which could allow attackers steal highly sensitive, personal informationIBTimes UKA serious security flaw in iOS 8 called Masque Attack has been discovered which could allow attackers steal highly sensitive, personal information by masquerading as legitimate apps such as email or banking software.
The latest security vulnerability reported in Apple's mobile operating system comes just a week after a threat called WireLurker was uncovered attacking iPhone and iPad users in China.
Full Article
The latest security vulnerability reported in Apple's mobile operating system comes just a week after a threat called WireLurker was uncovered attacking iPhone and iPad users in China.
Full Article
+62Hello Webrooters!
Thank you Jasper for another sad and informative article to our IOSs. Everybody with an IOS/iphones and connecting to a Mac via USB and installing an updating your devices please read this article on how to protect yourself fom these serious flaws.:@
Thank you Jasper for another sad and informative article to our IOSs. Everybody with an IOS/iphones and connecting to a Mac via USB and installing an updating your devices please read this article on how to protect yourself fom these serious flaws.:@
IMac 2021 27 in i5 Retina 5, iMac OS Sequoia (15.7.2), Security: iPads, ALIENWARE 15 R6, W11 Microsoft Windows Workstation, x64, Webroot® SecureAnywhere™ Internet Security Complete, Android Samsung Galaxy Ultra Note 23, Webroot Beta Tester
+54It has been known about since JULY!!!!!!!!!!!!!!!!!!!!
11/10/2014 Ericka Chickowski
Masque Attack replaces legit apps with malware using the same bundle identifier names.
The majority of non-jailbroken iOS devices are vulnerable to an attack method that could replace genuine apps with malware through a bit of application-naming skullduggery. Dubbed a "Masque Attack" by the FireEye researchers who discovered this technique this summer, the attack was described publicly for the first time in a report today.
FireEye had previously held details about the attack methods close to the vest to give Apple time to handle a disclosure made to Cupertino at the end of July. But after examining the WireLurker malware that hit headlines last week, researchers with FireEye found it was using Masque methods and felt it necessary to shed light on a vulnerability that it says affects 95% of iOS devices.
Full Article
11/10/2014 Ericka Chickowski
Masque Attack replaces legit apps with malware using the same bundle identifier names.
The majority of non-jailbroken iOS devices are vulnerable to an attack method that could replace genuine apps with malware through a bit of application-naming skullduggery. Dubbed a "Masque Attack" by the FireEye researchers who discovered this technique this summer, the attack was described publicly for the first time in a report today.
FireEye had previously held details about the attack methods close to the vest to give Apple time to handle a disclosure made to Cupertino at the end of July. But after examining the WireLurker malware that hit headlines last week, researchers with FireEye found it was using Masque methods and felt it necessary to shed light on a vulnerability that it says affects 95% of iOS devices.
Full Article
Thank god i don't have that app.
+54@Var wrote:Hi Var.
Thank god i don't have that app.
Unfortunately Var it is not just one particular App at all.
I'm now scared.
+62Well this certainly throws a wrench in Apples so called Security! Very upsetting and the time line is ridiculous!!
IMac 2021 27 in i5 Retina 5, iMac OS Sequoia (15.7.2), Security: iPads, ALIENWARE 15 R6, W11 Microsoft Windows Workstation, x64, Webroot® SecureAnywhere™ Internet Security Complete, Android Samsung Galaxy Ultra Note 23, Webroot Beta Tester
Apple has failed so much these past months.
+56Yeppers! You are eatings apples now right or going to make an Apple Pie? LOL@ wrote:
Well this certainly throws a wrench in Apples so called Security! Very upsetting and the time line is ridiculous!!
Daniel 😃
+62Yes Daniel ,
I still like Apple pie! 😉. Which will be my downfall!
I still like Apple pie! 😉. Which will be my downfall!
IMac 2021 27 in i5 Retina 5, iMac OS Sequoia (15.7.2), Security: iPads, ALIENWARE 15 R6, W11 Microsoft Windows Workstation, x64, Webroot® SecureAnywhere™ Internet Security Complete, Android Samsung Galaxy Ultra Note 23, Webroot Beta Tester
+54Summary: Apple has downplayed the risk the Masque bug plays for users of iOS devices running iOS 7 or later.
By Charlie Osborne for Zero Day | November 14, 2014
Apple has downplayed exploit fears stemming from the discovery of a security loophole which could trick users into downloading malicious apps on to their iOS devices.
On Monday, security researchers at FireEye detailed the discovery of the Masque bug in a new report. The researchers said the bug, in which apps running on iOS 7.1.1 and later -- including the latest iOS 8 -- can be replaced with malicious, legitimate-looking applications. Once granted access to a user's device, these apps could theoretically install malware or steal user data.
The "Masque Attack" relies on users falling for phishing attacks and clicking on malicious links in either emails or text messages that point to an app download. It is important to note that these apps are outside the safer confines of Apple's App Store.
FireEye researchers said:
By Charlie Osborne for Zero Day | November 14, 2014
Apple has downplayed exploit fears stemming from the discovery of a security loophole which could trick users into downloading malicious apps on to their iOS devices.
On Monday, security researchers at FireEye detailed the discovery of the Masque bug in a new report. The researchers said the bug, in which apps running on iOS 7.1.1 and later -- including the latest iOS 8 -- can be replaced with malicious, legitimate-looking applications. Once granted access to a user's device, these apps could theoretically install malware or steal user data.
The "Masque Attack" relies on users falling for phishing attacks and clicking on malicious links in either emails or text messages that point to an app download. It is important to note that these apps are outside the safer confines of Apple's App Store.
FireEye researchers said:
"This vulnerability exists because iOS doesn't enforce matching certificates for apps with the same bundle identifier. An attacker can leverage this vulnerability both through wireless networks and USB."
Full Article
+54Summary: The Masque bug that affects iOS apps has the potential to steal data from legitimate sources, due to a lack of encryption in apps across the board.
By Charlie Osborne for Zero Day | November 21, 2014
EXCERPT
However, an additional facet of the Masque bug has been discovered. Trend Micro researchers have found a new way for malicious apps installed through a Masque attack to hurt a user: by accessing unencrypted data used by legitimate apps.
According to the security team, when Masque has found its way onto a device through enterprise provisioning — which allows companies to install homegrown apps on iOS devices without the need to be reviewed by Apple — data can be stolen from legitimate apps that lack encryption.
Full Article
By Charlie Osborne for Zero Day | November 21, 2014
EXCERPT
However, an additional facet of the Masque bug has been discovered. Trend Micro researchers have found a new way for malicious apps installed through a Masque attack to hurt a user: by accessing unencrypted data used by legitimate apps.
According to the security team, when Masque has found its way onto a device through enterprise provisioning — which allows companies to install homegrown apps on iOS devices without the need to be reviewed by Apple — data can be stolen from legitimate apps that lack encryption.
Full Article
Login to the community
No account yet? Create an account
Enter your E-mail address. We'll send you an e-mail with instructions to reset your password.