Apple, apart from releasing two new variants of its new smartphone, is in the news for all the wrong reasons. There have been reasons related to the celebrity hack, and now there's a brand new malware that's gone viral on the operating system.
While it was reported last week that Mac and iOS users in China were affected by a new malware called WireLurker, mobile security research firm FireEye now reports it has found a major iOS security flaw. Apparently, this one poses a much bigger threat to Apple users than WireLurker.
The new so-called "Masque Attack" security flaw, according to FireEye, was uncovered back in July. Also, it was said that the malware exists because iOS does not offer the option of matching certificates for apps with the same bundle identifier.
"We have notified Apple about this vulnerability on July 26. Recently Claud Xiao discovered the "WireLurker" malware. After looking into WireLurker, we found that it started to utilize a limited form of Masque Attacks to attack iOS devices through USB. Masque Attacks can pose much bigger threats than WireLurker," the post states.
Masque Attacks have the ability replace authentic apps,such as banking and email apps, using attacker's malware through the Internet. "That means the attacker can steal user's banking credentials by replacing an authentic banking app with an malware that has identical UI."
The post also adds that attackers could fake the original app's login interface to steal the victim's login credentials. And the conpany has confirmed this through multiple email and banking apps, "where the malware uses a UI identical to the original app to trick the user into entering real login credentials and upload them to a remote server."
Are you an existing iOS user? If so, then head over here to know more. Stay tuned to GizBot for more updates!