Jump to content

US officials say iPhones have an app-related security flaw


Recommended Posts

http://cdn.mos.techradar.com/art/mobile_phones/iPhone/iOS7/iOS7-Video-10%20copy-470-75.jpg

The US Computer Emergency Readiness Team (CERT) has issued an alert to warn iOS users that they're vulnerable to a unique form of attack.

They call it the "Masque Attack," and it involves malicious users tricking you into installing harmful apps from outside Apple's App Store.

Devices with iOS versions 7 and up, including the latest releases, are vulnerable, CERT says.

The exploit reportedly works because iOS can't distinguish between authentic and counterfeit apps as long as the counterfeit has the correct "bundle identifier."

A simple solution

Apple issued a statement, though, with a simple solution: only download apps and app updates from "trusted sources."

"We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps," an Apple spokesperson said.

"Enterprise users installing custom apps should install apps from their company's secure website," the spokesperson added.

That's one source of potential trouble, if attackers are able to pose as corporate users' IT staff. But Apple and FireEye, the security firm that discovered the vulnerability, said there are no recorded instances of this actually being exploited.

http://rss.feedsportal.com/c/669/f/415085/s/407f7dc7/sc/5/mf.gif


http://da.feedsportal.com/r/211597562066/u/49/f/415085/c/669/s/407f7dc7/sc/5/rc/1/rc.img
http://da.feedsportal.com/r/211597562066/u/49/f/415085/c/669/s/407f7dc7/sc/5/rc/2/rc.img
http://da.feedsportal.com/r/211597562066/u/49/f/415085/c/669/s/407f7dc7/sc/5/rc/3/rc.img

http://da.feedsportal.com/r/211597562066/u/49/f/415085/c/669/s/407f7dc7/sc/5/a2.imghttp://pi.feedsportal.com/r/211597562066/u/49/f/415085/c/669/s/407f7dc7/sc/5/a2t.imghttp://feeds.feedburner.com/~r/techradar/software-news/~4/WZcFbUDFSZg
Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...