FireEye reveals underlying iOS flaw exploited by WireLurker

Cyber-sec firm warns of Masque Attack vulnerability that exposes iOS user data

Tags: Apple Incorporated, Cyber crime, FireEye Incorporated (www.fireeye.com), Palo Alto Networks (www.paloaltonetworks.com), USA

FireEye says WireLurker is the first, but likely not the last, malware to exploit the iOS Masque vulnerability. (Justin Sullivan/Getty Images)

By Stephen McBride. Published November 11, 2014

Cyber security researchers have discovered a vulnerability in Apple's iOS that exposes iPhone and iPad users' personal data to theft by malicious actors, Reuters reported.

Specialists at FireEye Inc, through a blog post yesterday, warned about a technique they called a Masque Attack, which has already been exploited by the WireLurker toolkit, reported last week by Palo Alto Networks.

The method taints trusted apps installed on iDevices from the App Store, by tricking users into installing malware, via malicious text messages, emails and Web links. Once the installed malware has hijacked the apps, it has access to a range of sensitive information, including login credentials for services such as email and banking.

"It is a very powerful vulnerability and it is easy to exploit," said Tao Wei, senior staff research scientist, FireEye.

Apple's strict security layers make its OS platforms more difficult to compromise than Android and Windows systems. According to David Richardson, iOS product manager at mobile security firm Lookout, the Masque Attack sidesteps Apple's security by exploiting a toolkit deployed by the Cupertino firm to allow developers to roll out software without having to first upload it to the App Store.

However, users can still protect themselves by choosing not to install the software, as iOS will warn users that an installation is about to occur.

FireEye told Apple about the flaw in July and, according to Wei, the company informed FireEye it was working on a patch. Although WireLurker remains the only attempt to capitalise on the flaw, Wei said it was only a matter of time before more Masque campaigns emerged.

"Currently WireLurker is the only one, but we will see more," he said.
