A vulnerability could allow hackers to trick users into downloading fake apps, which could siphon off their personal information, researchers warn.
Responding to reports of a potential security threat that could allow hackers to steal personal information from iPhones and iPads, Apple issued a statement Thursday indicating that its operating systems have built-in protections to prevent malware downloads.
Earlier this week, cybersecurity company FireEyewarned that it had identified a vulnerability in Apple’s mobile operating system that could allow hackers to use Web pages, text messages and emails to fool users into downloading fake apps that could disclose their personal information. In a threat dubbed “Masque Attack” by FireEye, fake apps designed to resemble a legitimate bank or email program could replace genuine apps installed though Apple’s App Store and siphon off users’ personal information back to hackers without users’ knowledge.
While it said there was no evidence the vulnerability was being actively exploited in the US, FireEye said the bug affects all Apple mobile devices running iOS 7 or later, regardless of whether the device is jailbroken — a user-initiated state that lets you install any app off the Internet. That means roughly 95 percent of all Apple mobile devices currently in use are vulnerable.
However, Apple assured users late Thursday that they were protected from just such a malicious download by early warning systems in both its desktop and mobile operating systems.
“We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software,” an Apple representative said, adding that the company was not aware of its customers actually falling victim to such an attack. “We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company’s secure website.”
This is the second time in the past couple of weeks that researchers have raised concerns about Apple product security, which the company has long touted as superior to competing offerings such asAndroid, Google’s mobile operating system.
Last week, security firm Palo Alto Networks described a new attack it discovered, which could allow unapproved apps downloaded from the Internet to infect iPhones when plugged into Mac computers. The attack, called “WireLurker,” was first recognized in China and is based on the same vulnerability FireEye disclosed Monday.
Apple said at the time that it was aware of the vulnerability Palo Alto Networks had discovered and was working on a fix, advising again that users only download programs from trusted sources.
by Steven Musil
- Apple fans buy things they don’t need, but how do they compare to Samsung fans?
- iPhone 6 China preorders soar past 20M — report
- Apple Pay details leaked in alleged training documents
- Apple’s Beats, Bose settle patent spat over noise-canceling tech
- iPhone 6, iPhone 6 Plus to land at Boost Mobile Oct. 17
- Apple supplier GT’s bankruptcy filing surprises even Apple
- Carl Icahn says he’s sending an ‘interesting’ letter to Apple on Thursday
- Alleged iPad Air 2 images leak online
- Apple sets Oct. 16 event, with new iPad, Macs likely
- iOS 8.1 beta 2 reveals new Apple Pay screens
- How to enable 60 fps video recording on iPhone 6 and 6 Plus