iPad and iPhone users are being warned about the discovery of the Masque Attack II iOS hack, which could potentially leave their data open to theft.
FireEye researchers Hui Xue, Zhaofeng Chen, Song Jin, Yulong Zhang and Tao Wei discovered the first edition of the Masque flaw last November, which could allow malicious apps to replace existing enterprise ones on devices. Now the researchers have discovered a sequel.
The group explained in a blog post: "We find that when calling an iOS URL scheme, iOS launches the enterprise-signed app registered to handle the URL scheme without prompting for trust. It doesn't matter whether the user has launched that enterprise-signed app before."
FireEye said even if the user always clicks Don't Trust' to such apps, iOS still launches that enterprise-signed app directly on calling its URL scheme, meaning it could cause unexpected results.
"In other words, when the user clicks on a link in SMS, iOS Mail or Google Inbox, iOS launches the target enterprise-signed app without asking for the user's Trust' or even ignoring the user's Don't Trust'," they continued.
This could enforce a malicious version of a real, safe enterprise app to launch instead, potentially causing the hackers to steal confidential data or corrupt the device.
FireEye is urging iOS users be cautious when clicking on unknown links, especially if they are sent to their device by SMS, email or MMS.
"Users should update devices to 8.1.3 as soon as possible to mitigate the risk as much as possible," the company said. "Apple suggested defending against Masque Attack by the aid of the 'Don't Trust' prompt. We notified Apple that this was inadequate."
-
M&S suspends online sales as 'cyber incident' continuesNews Marks & Spencer (M&S) has informed customers that all online and app sales have been suspended as the high street retailer battles a ‘cyber incident’.
-
Manners cost nothing, unless you’re using ChatGPTOpinion Polite users are costing OpenAI millions of dollars each year – but Ps and Qs are a small dent in what ChatGPT could cost the planet
-
Apple iPad Air (2020) review: The executive’s choiceReviews With the iPad Air’s most recent redesign, Apple has delivered the best bang-for-buck tablet money can buy
-
In praise of the early adoptersOpinion The IT industry needs early adopters like you – and tech that fell by the wayside should still be celebrated
-
Apple is experimenting with attention sensors to save battery lifeNews Your next Apple device may shut down if you are not paying attention to it
-
Apple unveils M1-powered iPad Pro and iMac at April 2021 eventNews The new Apple Silicon hardware will be available to order from April 30
-
iPad Air 2020 debuts with A14 Bionic chip and USB-CNews Apple touts its latest flagship tablet as the “most powerful” iPad Air ever
-
Apple reveals iPadOS at WWDC19News Cupertino's tablet range breaks free of iOS with new dedicated software
-
Best iPad apps for 2019Best Our collection of the best and most popular iPad apps to download in 2019
-
Apple Event: New MacBook Air, iPad Pro and Mac mini launchedNews Apple appeases fans with long-requested hardware refreshes
