Free Republic
General/Chat

Security Flaw in iOS Opens Malware Door for Cyber Crooks
The VAR GUY | 11/12/2014 | DH Kass

Posted on 11/12/2014 9:21:19 AM PST by SeekAndFind

Security provider FireEye (FEYE) is cautioning that an opening in Apple’s (AAPL) iOS leaves most iPhones and iPads vulnerable to hackers attempting to swap installed, trusted applications for rogue software capable of stealing sensitive and confidential information from the user.

FireEye first reported the bug to Apple in late July, dubbing the way it infiltrates iOS 7.1.1 and later devices (including the most recent iOS 8 and iOS 8.1 updates) a “Masque Attack.” The hack requires that users first click on a malicious link included in an email or text message that targets the location of the malware download, tricking users into believing the intrusive software is legitimate and part of Apple’s App Store. The malware can replace trusted apps, such as banking or social networking, without the user realizing an intrusion has occurred.

“This in-house app may display an arbitrary title (like 'New Flappy Bird') that lures the user to install it, but the app can replace another genuine app after installation,” using the same bundle identifier, wrote FireEye researchers Hui Xue, Tao Wei and Yulong Zhang in a blog post.

Only apps baked into iOS, such as Mobile Safari, are immune from attack, the researchers said.

“This vulnerability exists because iOS doesn't enforce matching certificates for apps with the same bundle identifier,” FireEye wrote. “We verified this vulnerability on iOS 7.1.1, 7.1.2, 8.0, 8.1 and 8.1.1 beta, for both jailbroken and non-jailbroken devices. An attacker can leverage this vulnerability both through wireless networks and USB.”

Although the Masque Attack is similar to WireLurker, another iOS bug disclosed last week, in its ability to infiltrate a mobile device through USB, it’s far more dangerous, FireEye’s researchers said.

“After looking into WireLurker, we found that it started to utilize a limited form of Masque Attacks to attack iOS devices through USB,” FireEye said. “Masque Attacks can pose much bigger threats than WireLurker. Masque Attacks can replace authentic apps, such as banking and email apps, using attacker's malware through the Internet. That means the attacker can steal user's banking credentials by replacing an authentic banking app with malware that has identical UI.”

FireEye said Apple mobile device users can protect themselves from Masque Attacks by not installing third-party apps, refraining from installing items in a third-party web pop-up and being mindful of iOS app warnings.


TOPICS: Computers/Internet; Society
KEYWORDS: apple; ios; malware
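
Added example, not part of the article or of FireEye's post: a small Python model of the install decision FireEye describes, where the bundle identifier alone decides which app gets replaced, next to a policy that also requires a matching signer and an inventory check against a trusted baseline. The `App` record, the signer labels and the bundle identifier are constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class App:
    bundle_id: str  # identifier the OS uses to decide "this is the same app"
    signer: str     # signing identity; the values below are constructed labels
    title: str      # display name, freely chosen by whoever built the app

class SignerMismatch(Exception):
    """Raised when a replacement is signed by someone other than the original signer."""

def install_unchecked(installed: dict, new: App) -> dict:
    """Policy the article describes: bundle_id alone decides replacement."""
    updated = dict(installed)
    updated[new.bundle_id] = new
    return updated

def install_checked(installed: dict, new: App) -> dict:
    """Hardened policy: an update must carry the signer of the app it replaces."""
    current = installed.get(new.bundle_id)
    if current is not None and current.signer != new.signer:
        raise SignerMismatch(f"{new.bundle_id}: {current.signer} -> {new.signer}")
    updated = dict(installed)
    updated[new.bundle_id] = new
    return updated

def audit(baseline: dict, observed: dict) -> list:
    """Detection: bundle ids whose signer differs from a trusted baseline inventory."""
    return sorted(bid for bid, app in observed.items()
                  if bid in baseline and baseline[bid].signer != app.signer)

# Constructed sample data (not real identifiers).
BANK = App("com.example.bank", "TEAM-BANK", "Example Bank")
LURE = App("com.example.bank", "TEAM-OTHER", "New Flappy Bird")
UPDATE = App("com.example.bank", "TEAM-BANK", "Example Bank 2.0")
DEVICE = {BANK.bundle_id: BANK}
```

The display title plays no part in either decision, which is why a lure title such as 'New Flappy Bird' can sit on top of a banking app's bundle identifier.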
To: House Atreides
Yes, they are like moths attracted mindlessly to the light...not comprehending why they feel compelled, they flit to any thread they see on an Apple product and post mindless and unthought-out FUD. Pity the poor souls infected with Apple Derangement Syndrome.

They suffer from MAPS:

Swordmaker's and Kathy's proposed diagnosis for the new ICD-10 addenda:

90210 iOS Munchausen's Apple-Plexy Syndrome (MAPS), The overwhelming compulsion to post negative, judgmental, aggressive, and false commentary on any website thread related to Apple products wherever found, including phobic reaction to projected Apple user euphoria. First and subsequent encounters.

21 posted on 11/12/2014 1:00:16 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

To: ctdonath2
It’s not “immune” from malware: you just have to click thru assorted “Are you sure you want to install this program obtained from an un-trusted source?” warnings initiated by “phishing” emails - to wit, ignore clear warnings against risky behavior. It’s not like any of this malware doesn’t involve wanton stupidity on the part of the user.

It is even more explicit than that. We Mac users see it so rarely, we don't realize how dire the warning can be:

If you go ahead and install it after being told the file is going to "damage your computer" and that it "contains" a specific malware by name, AND gives you a button to move it to the Trash by merely clicking, YOU DESERVE any damage you do to your computer and your data, your privacy, your bank accounts, and your identity, from installing and running it!

If you do that, you are terminally stupid!

22 posted on 11/12/2014 1:10:32 PM PST by Swordmaker (This tag line is a Microsoft insult free zone... but if the insults to Mac users continue...)

To: zeugma
I expect we’ll see several different variants of this FUD before it finally dies.

This is the fourth one in a week on the same malware from the usual suspects. It is like some type of perverse fetish and obsession. The FUD is old. Maybe they will move on to the blue stain scandal.
23 posted on 11/12/2014 2:37:39 PM PST by PA Engineer (Liberate America from the Occupation Media.)

To: House Atreides
Yes, they are like moths attracted mindlessly to the light...not comprehending why they feel compelled, they flit to any thread they see on an Apple product and post mindless and unthought-out FUD. Pity the poor souls infected with Apple Derangement Syndrome.

Nah. No pity. Let them complete their journey into the bug zapper.
24 posted on 11/12/2014 2:38:57 PM PST by PA Engineer (Liberate America from the Occupation Media.)

