Apple Mobile Devices Vulnerable To App Attack, FireEye Says
by Jeremy C. Owens, San Jose Mercury News
Apple mobile devices can leak users’ information through an attack using apps distributed outside the company’s App Store, a prominent Silicon Valley security company disclosed Tuesday.
FireEye announced in a blog post that it told Apple in July that devices using its iOS mobile operating system, such as the iPhone and iPad, were vulnerable to an assault it termed “Masque attack.”However, FireEye researchers said Apple has been unable to work around the issue.
“Because all the existing standard protections or interfaces by Apple cannot prevent such an attack, we are asking Apple to provide more powerful interfaces to professional security vendors to protect enterprise users from these and other advanced attacks,” the researchers wrote.
FireEye found that hackers could offer a mobile app through the Web that would mimic a legitimately downloaded application on a user’s device, siphoning important information such as login info or emails. An example provided showed that a third-party app called “New Flappy Bird” could replace the Gmail app and access cached emails, using the same “bundle identifier” that Apple uses for the Gmail app.