Nov 14, 2014 07:12 AM EST
U.S. Government Issues Bug Warning to Apple iOS Users

The U.S. government warned iPhone and iPad users on Thursday to be on the alert for hackers who may exploit a vulnerability in Apple Inc's iOS operating system, which could allow them to steal data.

The potential hack, which involves using a newly identified technique known as the "Masque Attack," was confirmed in an online bulletin released by the National Cybersecurity and Communications Integration Center and the U.S. Computer Emergency Readiness Teams, according to Reuters.

Network security company, FireEye Inc, disclosed the vulnerability behind the "Masque Attack" earlier this week. The company said it had been exploited to launch a campaign called "WireLurker" and that more attacks were likely to follow. 

In order for the attack to succeed, a user must install an untrusted app.

"This technique takes advantage of a security weakness that allows an untrusted app-with the same "bundle identifier" as that of a legitimate app-to replace the legitimate app on an affected device, while keeping all of the user's data," the government said in its bulletin. "This vulnerability exists because iOS does not enforce matching certificates for apps with the same bundle identifier. Apple's own iOS platform apps, such as Mobile Safari, are not vulnerable."

Hackers could possible steal login credentials, remotely monitor activity on those devices and access sensitive data stored on iOS devices, the government said, according to Reuters.

Attacks could be avoided iPhone and iPod users only installed apps from Apple's App Store or from their own organizations.

"We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software. We're not aware of any customers that have actually been affected by this attack," Apple said in an emailed statement to Reuters.

Users are advised not to click "Install" from pop-ups while surfing the web.

If iOS displays a warning that reads "Untrusted App Developer," users should click on "Don't Trust" and immediately uninstall the app, the bulletin said.

Computer security alerts issued by the government are pretty rare, and just 13 have been sent over the course of 2014. Previous vulnerabilities that have prompted alerts include Heartbleed and an SSL 3.0 flaw called "Poodle." 

See Now: OnePlus 6: How Different Will It Be From OnePlus 5?

 PREVIOUS POST
NEXT POST 

EDITOR'S PICK    

Hyundai to Invest $16.1 Billion for EV Business; Sets Annual Sales Goal of 1.87M Electric Cars by 2030

World's Most Expensive and Most Heavily-optioned Porsche 928 GTS is Coming Home to the U.S.

Major Boost as Tesla Giga Berlin Facility in Final Phase of Approval Process; Delivery Event Set This Month

Audi Looking for e-tron Electric Vehicles to Spur Car Brand's Growth in India in 2022

Toyota Offers Free EV Charging to Owners of 2023 bZ4X After Partnership Agreement with EVgo

2022 Suzuki Baleno Finally Unveiled in India: What are the Specs and Features of this City Car?

© Copyright 2024 AUTO WORLD NEWS All rights reserved.