Earlier this week, the FireEye security company released a report about an iOS vulnerability referred to as “Masque Attack” (details available at http://www.fireeye.com/blog/technical/cyber-exploits/2014/11/masque-attack-all-your-ios-apps-belong-to-us.html). The US Government’s Computer Emergency Readiness Team has also released an alert (https://www.us-cert.gov/ncas/alerts/TA14-317A).

The “Masque Attack” vulnerability could allow an attacker to install a malware-filled app on top of a legitimate iOS app over the internet.

This is a vulnerability in the iOS operating system rather than in any specific iOS app, and thus only Apple will be able to resolve the vulnerability. Unfortunately, we do not have an official statement from Apple regarding this vulnerability in iOS at this time. We recommend that iOS users follow these guidelines for protecting their phones:
1. Don’t install apps from third-party sources other than Apple’s official App Store.
2. Don’t click “Install” on a pop-up from a third-party web page, no matter what the pop-up says about the app. The pop-up can show attractive app titles crafted by the attacker.
3. When opening an app, if iOS shows an alert with “Untrusted App Developer”, as shown here (http://www.fireeye.com/blog/wp-content/uploads/2014/11/IMG_0001.jpg), click on “Don’t Trust” and uninstall the app immediately.