FireEye, a cybersecurity firm in California, have detected a major security flaw in Apple’s iOS 8 software. Dubbed Masque Attack, it allows hackers to replace legitimate apps on the victim’s iPad or iPhone with a malicious app that looks identical. The attacker then has access to any data entered into the malicious replacement app.
In a blog post dated 10th November, FireEye staff wrote, “Masque Attacks can replace authentic apps, such as banking and email apps, using attacker’s malware through the Internet. That means the attacker can steal user’s banking credentials by replacing an authentic banking app with a malware that has identical UI.” According to FireEye, to further mask the deception, “the malware can even access the original app’s local data, which wasn’t removed when the original app was replaced. These data may contain cached emails, or even login-tokens which the malware can use to log into the user’s account directly.”
The issue affects all versions of iOS from 7.11 to the current 8.11 beta, which is still being tested before release.