Monday, July 23, 2018
Search
  
Submit your own News for
inclusion in our Site.
Click here...
Breaking News
Samsung to Showcase Large QLED, microLED TVs Net Year
Google, Facebook, Microsoft, and Twitter Partner on New Data Project
Foxconn Breaks Ground in In Wisconsin Plant, Looks at AI and Beyond Apple
Western Digital and Toshiba Begin Sampling 96-layer QLC NAND
Cloud Services Keep Boosting Microsoft's Revenue
Comcast Won't Pursuit Fox assets, Focuses on Sky Offer
EU to Probe Qualcomm Over Pricing Case
Google's Project Fuchsia Could Be The Successor of Android Successor to Android
Active Discussions
Which of these DVD media are the best, most durable?
How to back up a PS2 DL game
Copy a protected DVD?
roxio issues with xp pro
Help make DVDInfoPro better with dvdinfomantis!!!
menu making
Optiarc AD-7260S review
cdrw trouble
 Home > News > Mobiles > Researc...
Last 7 Days News : SU MO TU WE TH FR SA All News

Monday, November 10, 2014
Researchers Identify New iOS Vulnerability


Researchers with cybersecurity firm FireEye said on Monday that they have uncovered a bug in Apple's iOS operating system that makes devices vulnerable to remote cyberattacks.

Dubbed "Masque Attack", the vulnerability allows the attacker to use malware and replace authentic iOS apps, such as banking and email apps, installed on a device. That means the attacker could steal user's banking credentials by replacing an authentic banking app with an malware that has identical UI.

FireEye's researchers claim that the malware could even access the original app's local data, which wasn't removed when the original app was replaced. These data may contain cached emails, or even login-tokens which the malware could use to log into the user's account directly.

All apps can be replaced except iOS preinstalled apps, such as Mobile Safari. This vulnerability exists because iOS doesn't enforce matching certificates for apps with the same bundle identifier.

"The vulnerability exists because iOS doesn't enforce matching certificates for apps with the same bundle identifier," the researchers explained.

They verified this vulnerability on iOS 7.1.1, 7.1.2, 8.0, 8.1 and 8.1.1 beta, for both jailbroken and non-jailbroken devices. An attacker could also leverage this vulnerability both through wireless networks and USB.

FireEye mobile security researchers have discovered the iOS vulnerability earlier this summer have already notified Apple about it.

Recently Claud Xiao discovered the "WireLurker" malware, which also started to utilize a limited form of Masque Attacks to attack iOS devices through USB, FireEye said.

iOS users can protect themselves from Masque Attacks by not installing apps from third-party sources other than Apple's official App Store or the users' own organizations. They should also never click "Install" on any pop-ups from third-party web pages, and uninstall any possible app that shows an iOS alert with "Untrusted App Developer" upon opening.




Previous
Next
Firefox Anniversary Edition Adds More Privacy Features        All News        Obama Outlines Plan for a Free and Open Internet
Facebook Says Messenger App Has 500 Million Monthly Users     Mobiles News      Flagship LG G3 Smartphone to Receive Lollipop Upgrade Next Week

Get RSS feed Easy Print E-Mail this Message

Related News
Cisco Identifies Virus That Kills Off PCs
Researchers Identify iOS Espionage App
Dropbox, WordPress Used To Spread Malware
Microsoft Says Viruses Are Back On The Rise
First Targeted Attack Utilising Malware for Android Devices Reported
Cyber Attack Targets Nato, Government Websites
Stuxnet Roots Found Back in 2005
Java Exploit Behind "Red October" Cyber Attacks
FTC Warns Small Businesses Of Spam Email
Kaspersky Says 'Red October' Virus Has Been Targeting Diplomatic and Government Agencies
Kaspersky Discovers New version Of Flams Virus
Microsoft Warns Of New IE Security Breach

Most Popular News
 
Home | News | All News | Reviews | Articles | Guides | Download | Expert Area | Forum | Site Info
Site best viewed at 1024x768+ - CDRINFO.COM 1998-2018 - All rights reserved -
Privacy policy - Contact Us .