Hackers were able to find a way to put malware via a new Apple bug that could compromise the data security of most iPhones and iPads, a cyber-security firm reported. FireEye, the company who discovered the bug in Apple's software security system, called the said breach as the "Masque Attack."
According to the firm's blog post on Nov. 10, the malware can affect an Apple device by downloading a seemingly legit app that is actually a bug.
"This in-house app may display an arbitrary title (like "New Flappy Bird") that lures the user to install it, but the app can replace another genuine app after installation. All apps can be replaced except iOS preinstalled apps, such as Mobile Safari," the blog post explained.
The Internet security firm also said that those devices that run using the iOS 7.1.1, 7.1.2, 8.0, 8.1 and 8.1.1 beta, whether jailbroken or not, are vulnerable to this malware. The firm also reported that they had already discussed the possibility of this vulnerability in July, and they have been working on the bug fixes. The Cupertino-based company, however, is still mum about the issue.
FireEye researcher Claud Xiao had recently discovered a malware called "Wirelurker" in China which is a limited form of the Masque Attacks, wherein the malware can infiltrate the operating systems through USB. Based on the reports of the Internet security firm, Masque Attacks can take information in authentic apps, including banking credentials and personal details.
"Attackers could mimic the original app's login interface to steal the victim's login credentials. We have confirmed this through multiple email and banking apps, where the malware uses a UI identical to the original app to trick the user into entering real login credentials and upload them to a remote server," the firm also said.
Some of the Apple devices that can be infected with this bug include the latest iPad and iPhone 6 phones.
