FireEye reveals underlying iOS flaw exploited by WireLurker

Cyber-sec firm warns of Masque Attack vulnerability that exposes iOS user data

FireEye says WireLurker is the first, but likely not the last, malware to exploit the iOS Masque vulnerability.

Cyber security researchers have discovered a vulnerability in Apple's iOS that exposes iPhone and iPad users' personal data to theft from malicious actors, Reuters reported.

Specialists at FireEye Inc, through a blog post yesterday, warned about a technique they called a Masque Attack, which has already been exploited by the WireLurker toolkit, reported last week by Palo Alto Networks.

The method taints trusted apps installed on iDevices from the App Store by tricking users into installing malware via malicious text messages, emails and Web links. Once the installed malware has hijacked the apps, it has access to a range of sensitive information, including login credentials for services such as email and banking.

"It is a very powerful vulnerability and it is easy to exploit," said Tao Wei, senior staff research scientist, FireEye.

Apple's strict security layers make its OS platforms more difficult to compromise than Android and Windows systems. According to David Richardson, iOS product manager at mobile security firm Lookout, the Masque Attack sidesteps Apple's security by exploiting a toolkit deployed by the Cupertino firm to allow developers to roll out software without having to first upload it to the App Store.

However, users can still protect themselves by choosing not to install the software, as iOS will warn users that an installation is about to occur.

FireEye told Apple about the flaw in July and, according to Wei, the company informed FireEye it was working on a patch. Although WireLurker remains the only attempt to capitalise on the flaw, Wei said it was only a matter of time before more Masque campaigns emerged.

"Currently WireLurker is the only one, but we will see more," he said.
