Masque Attack: iPhone and iPad users warned over bug in Apple's iOS operating system
Vulnerability could see users personal information stolen
Your support helps us to tell the story
From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.
At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.
The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.
Your support makes all the difference.IPhone and iPad owners are being warned to watch out for hackers who may exploit a vulnerability in Apple Inc's iOS operating system that could let them steal personal information.
The US government said there is a potential for hackers to use a newly identified technique, known as the ‘Masque Attack’, which was exposed by a network security company called FireEye Inc (FEYE.O) earlier this week.
FireEye Inc said the vulnerability behind the Masque Attack had been exploited to launch a campaign dubbed "WireLurker" and that more attacks could follow.
FireEye said the bug affects devices running on iOS7 or later.
This attack works by luring users to install an app from a source other than the iOS App Store or their organisations’ system. In order for the attack to succeed, a user must install an untrusted app, such as one delivered through a phishing link.
Hackers can then potentially steal login credentials, access sensitive data stored on iOS devices and remotely monitor activity on those devices.
However, these attacks could be avoided if iPad and iPhone users only install apps from Apple's App Store or from their own organisations.
The government is advising users not to click ‘install’ from pop-ups when surfing the web.
If iOS flashes a warning that says "Untrusted App Developer," users should click on "Don't Trust" and immediately uninstall the app, the bulletin from the US Computer Emergency Readiness Teams added.
Apple played down the threat in a statement on Thursday and assured users they were protected by early-warning systems and built-in protections.
"We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software.
"We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company's secure website."
Additional reporting by Reuters
Join our commenting forum
Join thought-provoking conversations, follow other Independent readers and see their replies
Comments