Posted on 11/10/2014 2:28:47 PM PST by SeekAndFind
Researchers have warned that a bug in Apple Inc's (AAPL.O) iOS operating system makes most iPhones and iPads vulnerable to cyber attacks by hackers seeking access to sensitive data and control of their devices.
Cybersecurity firm FireEye Inc (FEYE.O) published details about the vulnerability on its blog on Monday, saying the bug enables hackers to access devices by persuading users to install malicious applications with tainted text messages, emails and Web links.
The malicious application can then be used to replace genuine, trusted apps that were installed through Apple's App Store, including email and banking programs, with malicious software through a technique that FireEye has dubbed "Masque Attack."
These attacks can be used to steal banking and email login credentials or other sensitive data, according to FireEye, which is well-regarded in cybersecurity circles for its research.
"It is a very powerful vulnerability and it is easy to exploit," FireEye Senior Staff Research Scientist Tao Wei said in an interview.
Apple's iOS has robust security features that make it extremely difficult for attackers to install malware on devices using traditional techniques for infecting Windows machines and Android mobile devices with malicious emails and Web links. The "Masque Attack" makes that possible by exploiting a system that Apple developed to allow large organizations to deploy custom-built software without going through Apple's App Store, according to David Richardson, iOS product manager at mobile security firm Lookout.
(Excerpt) Read more at reuters.com ...
I’m just wondering why Swordmaker doesn’t post such articles.
I remember how all the Apple owners used to sneer about how they didn’t get viruses or malware. Anymore it seems that hacking Apple devices is the last great frontier for hackers.
Because he’s PR.
Who would have thought that a change in software distribution methods could be exploited for illgotten booty?
FUD FUD FUD FUD FUD.
the target size has increased of late.
RE: I remember how all the Apple owners used to sneer about how they didn’t get viruses or malware.
The more prevalent and popular an OS is or becomes, the more susceptible the OS is to hackers.
I’m just wondering why you didn’t ping him to this one.
Not Swordmaker? Can we talk naught about Apple on this thread?
Please explain how a POSSIBLE vulnerability becomes a virus or malware? Inquiring minds wish to know that secret, since NOBODY HAS BEEN INFECTED!
It is really sad that so many on this site disapprove of successful companies! They produce sound technology that just works. It just works every day, all day, and meets the needs of it's users.
A $20,000 investment in AAPL in 1987 would be worth roughly $3,200,000 today!!!
From the FireEye site:
iOS users can protect themselves from Masque Attacks by following three steps:
1) Don’t install apps from third-party sources other than Apple’s official App Store or the user’s own organization.
2) Don’t click “Install” on a pop-up from a third-party web page, as shown in Figure 1(c), no matter what the pop-up says about the app. The pop-up can show attractive app titles crafted by the attacker
3) When opening an app, if iOS shows an alert with “Untrusted App Developer”, as shown in Figure 3, click on “Don’t Trust” and uninstall the app immediately
I do not know sword maker, but he has posted that he is some kind of “IT” consultant working across all platforms. I assume he has what we like to call “a day job”.
That said, as a very long time Apple user, I read the same old FUD in this article. My devices will not get “infected” unless I respond to some dodgy email, and decide to download something deliberately.
If I were so clueless as to try, the apple software would warn me that it was suspicious, and I would have to click on a button to allow the download to go ahead.
I suppose there are some young folk who are impulsive, and would, but most of us users are savvy enough not to do it. We like the protection Apple gives us in the App stores, and the operating systems.
Lots of us would sleep more soundly if our infrastructure was run on Apple’s OS, and not the other one.
But, the Apple bashers are always willing to hope that someone somewhere can succeed in getting in. Only user stupidity can give them the chance, presently.
Forgot my manners! Since I mentioned sword maker, Freeper etiquette is to let him know.
This exploit succeeds only by attacking the weakest link: the gullible human operator. The OS itself cannot be directly penetrated by this exploit.
You said it much more succinctly, and you are right.
I get so tired of these threads, where people who do not understand Apple’s OS jumping up and down with glee whenever they read about some FUD exploit.
I understand that some have a preference for other operating system, and respect their choices. Why don’t we get the same back?
Not all of us have the time to manage/twink/troubleshoot our computers, and if we do not work in an environment that has an IT department to keep us productive, we look for a system that will just let us get the job done, without down-time.
No viruses in the wild yet.
To get malware, you have to give permission for an install.
To put it in perspective, after 6 years with a Mac, I’ve never had a virus. I do check, but never got the first one yet.
This is the opposite of my 13 years of windows experience.
If you want on or off the Mac Ping List, Freepmail me.
If I had seen it before now, Jonty, I would have. . . especially for the laugh factor. This article is hilarious FUD! Thee is literally no way for someone to convince someone to install a malicious app on an un-jailbroken iPhone or iPad. Those who jailbreak their iOS devices cannot expect iOS security. They deliberately UNLOCKED THE DOOR and INVITED malware in.
Sorry, if you unlock your phone, you'll find sympathy in the dictionary between "Sh!t" and "syphilis," but nor from me.
There are still zero virus for Mac OS X or iOS. This is not even up to the level of an Exploit on iOS. . . This is a claim that IF someone can SOMEHOW get a malicious Trojan onto an iOS device, they can do these really nasty things. . . but they haven't, yet, because they need to persuade the user to find, and download these malicious apps from a third party app store, which cannot be done without JAILBREAKING your iOS device! Well, DUH!
One of the major protections of iOS is the walled-garden approach to getting apps. . . in that they are ONLY available from Apple's curated App Store . . . where the user is assured the apps are SAFE!
It has always been known that if you open your doors and leave them standing wide open, which is what jailbreaking does, your security is effectively NONEXISTENT!
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.