“Apple mobile devices can leak users’ information through an attack using apps distributed outside the company’s App Store, a prominent Silicon Valley security company disclosed Monday,” Jeremy C. Owens reports for The San Jose Mercury News. “”
“FireEye announced in a blog post that it told Apple in July that devices using its iOS mobile operating system, such as the iPhone and iPad, were vulnerable to an assault it termed ‘Masque attack.’ However, FireEye researchers said Apple has been unable to work around the issue,” Owens reports. “‘Because all the existing standard protections or interfaces by Apple cannot prevent such an attack, we are asking Apple to provide more powerful interfaces to professional security vendors to protect enterprise users from these and other advanced attacks,’ the researchers wrote.”
“FireEye found that hackers could offer a mobile app through the Web that would mimic a legitimately downloaded application on a user’s device, siphoning important information such as login information or emails,” Owens reports. “FireEye offered three ways to avoid being a victim of the Masque Attack vulnerability: Do not download any apps that do not come from the App Store or a user’s organization, such as an employer; don’t install apps offered on pop-ups from third-party websites; and if iOS ever alerts a user about an ‘Untrusted App Developer,’ click ‘Don’t Trust’ on the alert and immediately uninstall the app.”
Read more in the full article here.