Apple iOS Bug Makes Most Devices Vulnerable to Attack

Grow Your Business, Not Your Inbox

Stay informed and join our daily newsletter now!
Will be used in accordance with our Privacy Policy
Apple iOS Bug Makes Most Devices Vulnerable to Attack
Image credit: Reuters | Robert Galbraith
2 min read
This story originally appeared on Reuters

Cybersecurity researchers have warned that a bug in Apple Inc's iOS operating system makes most iPhones and iPads vulnerable to cyberattacks by hackers seeking access to sensitive data and control of their devices.

Cybersecurity firm FireEye Inc published details about the vulnerability on its blog Monday, saying the bug enables hackers to access their devices by persuading users to install malicious applications with tainted text messages, emails and web links.

The malicious application can then be used to replace genuine, trusted apps that were installed through Apple's App Store, including email and banking programs, with malicious software through a technique that FireEye has dubbed "Masque Attack."

These attacks can be used to steal banking and email login credentials or other sensitive data, according to FireEye, which is well-regarded in cybersecurity circles for its research.

"It is a very powerful vulnerability and it is easy to exploit," FireEye Senior Staff Research Scientist Tao Wei said in an interview.

Officials with Apple could not be reached for comment.

Wei said that FireEye disclosed the vulnerability to Apple in July and that representatives with the company have said they were working to fix the bug.

News of the vulnerability began to leak out in October on specialized web forums where security experts and hackers alike discuss information on Apple bugs, Wei said.

Wei said that FireEye decided to go public with its findings after Palo Alto Networks Inc last week uncovered the first campaign to exploit the vulnerability, a new family of malicious software known as WireLurker that infects both Mac computers and iOS.

FireEye does not know of other attacks that exploit the bug, Wei said.

"Currently WireLurker is the only one, but we will see more," he said.

FireEye advises iOS users to refrain from install apps from sources other than Apple's official App Store and to not click "install" on a pop-up from a third-party web page.

The security firm said it verified this vulnerability on iOS 7.1.1, 7.1.2, 8.0, 8.1 and 8.1.1 beta, for both jailbroken and non-jailbroken devices.

(Reporting by Jim Finkle; editing by Andrew Hay)

More from Entrepreneur

Get heaping discounts to books you love delivered straight to your inbox. We’ll feature a different book each week and share exclusive deals you won’t find anywhere else.
Jumpstart Your Business. Entrepreneur Insider is your all-access pass to the skills, experts, and network you need to get your business off the ground—or take it to the next level.
Create your business plan in half the time with twice the impact using Entrepreneur's BIZ PLANNING PLUS powered by LivePlan. Try risk free for 60 days.

Latest on Entrepreneur

Entrepreneur Media, Inc. values your privacy. In order to understand how people use our site generally, and to create more valuable experiences for you, we may collect data about your use of this site (both directly and through our partners). By continuing to use this site, you are agreeing to the use of that data. For more information on our data policies, please visit our Privacy Policy.