Report - Another iOS vulnerability attack could be inbound

Computer Hacker

'Masque Attack' is the second iOS vulnerability discovered in just over a week.

Malware and viruses are usually quite rare and uncommon on devices running Apple's mobile operating system iOS, but in the space of a week two have been reported.

The malware WireLurker cropped up last week, and now security research company FireEye has discovered another  called Masque Attack.

FireEye claim that the latest vulnerability works by trying to get users to install an app outside of Apple's own App Store. Phishing texts or emails can be sent to the user's device and they will contain links that will try to entice the user into downloading the application.

In a demonstration test a device received a text containing the following message "Hey, check this out, the New Flappy Bird."

If the user taps the link and installs, they won't be installing Flappy Bird but rather a malicious version of an app that installs right on top of a legitimate app downloaded from the App Store.

In the video below the test shows a malicious version of Gmail installing over the regular app.

The malicious app which is now hidden is capable of uploading email messages, SMS messages, phone calls, and more to the attacker's server.

Attacks are more difficult to detect in iOS 8 because users can't see provisioning profiles, but iOS 7 users can go to Settings --> General --> Profiles to see if there are any provisioning profiles installed.

FireEye advises iPhone users to avoid this new vulnerability in iOS by not installing any application that doesn't come directly from the official Apple App Store.