Apple_iPhone6_Reuters.jpg (Photo : www.stech2.firstpost.com)
A bug that can expose Apple's iPhone and iPad products to malicious hackers who want to take control of the user's devices has been found by FireEye, a firm specializing in cybersecurity.
FireEye recently published its findings about the bug on the firm's blog. The post mentions that the bug can give hackers access to the devices if the users choose to install malicious apps that contain hacked emails, links and text messages.
Once installed, the app has the capability to replace all the user's other trusted applications downloaded from Apple's App Store. This would include data-sensitive apps such as banking and email applications. FireEye dubbed the hackers' technique as "Masque Attack."
FireEye said that hackers can then use the malicious apps to gather unauthorized banking and email login information along with other private credentials.
"It is a very powerful vulnerability and it is easy to exploit," said Tao Wei, a senior staff research scientist in FireEye.
The Apple iOS is known for its complex security system that makes hacking and installing malicious apps incredibly difficult to do via traditional methods for penetrating Android and Windows' operating systems with tainted emails and links.
David Richardson, an iOS product manager from Lookout, said that hackers are exploiting the new system developed by Apple that allows organizations to deploy custom third-party apps without the verification from Apple's App Store.
Apps are usually verified first by Apple's App Store, but the new system bypasses the procedure for the organizations. However, users are still warned by notifications that ask if the user wants to block the malicious app from installing any further programs, said the product manager.
Richardson adds that users can just choose not to install the malware. Users will stay protected from any cyberattack as long as they do not install the malicious apps.
According to Wei, FireEye sent its reports on the bug discovery to Apple in July, and the latter said that teams are already working to patch the vulnerability.
There has been no news from Apple's side yet.
The news about the bug started spreading in October on certain forums where hackers and security experts hold discussions about Apple's iOS bugs.
The public disclosure from FireEye came after WireLurker, a campaign that encourages exploitation of the bug, was discovered by Palo Alto Networks Inc.
Wei said that more campaigns may come in the future.
