iPhone apps targeted in massive attack

Just yesterday we warned Android users about two major vulnerabilities found in LG devices. The flaws are putting millions of Android users at risk.

Now, it looks as if an unpatched vulnerability on Apple devices is making iPhones and iPads prime targets for malicious apps. At the recent Hack in the Box conference in Amsterdam, hackers were encouraged to put the latest version of iOS to the test. It was all in an effort to identify and correct problems, of course - but the main issue they discovered was alarming.

During their tests, hackers were able to exchange legitimate apps with malicious counterfeits without being detected. One researcher explained that the code he'd developed could still create problems on devices, even if they were not jailbroken - or modified by the end user.

Chilik Tamir, a researcher from Mi3 Security, designed an attack called Su-A-Cyder, which allowed him to swap out original apps with counterfeit versions that let him spy on the users' activity. He was also able to gain extended permissions that gave him access to the users' contacts, photos, messages, microphone, etc., which could all be used for spying.

These malicious apps worked, and went undetected, because they had bundle IDs identical to those of the original apps installed by the user.

The issue was something Apple had patched on a previous version of iOS 8.3. But by making modifications to his own code, Tamir was able to exploit the same vulnerability in the most recent version of the operating system.

What's most alarming is that Apple has still not issued a patch, even after its discovery last week. On May 23, Tamir was informed by Apple that a patch was in the works, but end users have yet to see it.

So, until a patch becomes available, use caution when downloading apps to your device. You can also use a VPN to create an encrypted connection whenever you use a public Wi-Fi network.

Source: Threat Post