There are billions of mobile apps out there, tempting treats for those wedded to their smartphones and tablets. However, a new Apple iOS vulnerability alert from a security vendor is a reminder that, for best security, software for any platform should only be downloaded from an authorized store or internal corporate site.
iOS vulnerability can replace legit apps
“This vulnerability exists because iOS doesn’t enforce matching certificates for apps with the same bundle identifier,” FireEye researchers said in a blog. “We verified this vulnerability on iOS 7.1.1, 7.1.2, 8.0, 8.1 and 8.1.1 beta, for both jailbroken and non-jailbroken devices. An attacker can leverage this vulnerability both through wireless networks and USB.”
FireEye said iOS users can protect themselves from Masque Attacks by following three steps:
- Don’t install apps from third-party sources other than Apple’s official App Store or the user’s own organization
- Don’t click “Install” on a pop-up from a third-party web page, no matter what the pop-up says about the app. The pop-up can show attractive app titles crafted by the attacker
- When opening an app, if iOS shows an alert with “Untrusted App Developer”, as shown in Figure 3, click on “Don’t Trust” and uninstall the app immediately.
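
For administrators, the condition FireEye describes (the same bundle identifier with a different signing certificate) can be checked in an app inventory. The following is an added example, not code from FireEye or the original article; it assumes an inventory export (for instance from an MDM) that lists a bundle identifier and a signing-certificate fingerprint per installed app, and every field name, baseline entry and sample value is constructed.

```python
from collections import Counter, defaultdict
from typing import NamedTuple

class InstalledApp(NamedTuple):
    device: str
    bundle_id: str
    signer: str   # signing-certificate fingerprint (hypothetical inventory field)

def find_signer_mismatches(inventory, baseline=None):
    """Flag apps that share a bundle identifier with a known app but carry a
    different signing certificate, the pairing iOS did not enforce."""
    baseline = dict(baseline or {})
    by_bundle = defaultdict(list)
    for app in inventory:
        by_bundle[app.bundle_id].append(app)

    findings = []
    for bundle_id, apps in sorted(by_bundle.items()):
        expected = baseline.get(bundle_id)
        if expected is None:
            # No baseline entry: fall back to the most common signer in the
            # fleet, and only when it is a strict majority.
            signer, count = Counter(a.signer for a in apps).most_common(1)[0]
            if count * 2 <= len(apps):
                continue
            expected = signer
        for app in apps:
            if app.signer != expected:
                findings.append((app.device, bundle_id, app.signer, expected))
    return findings

# Constructed sample data; identifiers and fingerprints are placeholders.
BASELINE = {"com.example.bank": "FP-BANK-01"}
INVENTORY = [
    InstalledApp("ipad-01", "com.example.bank", "FP-BANK-01"),
    InstalledApp("iphone-07", "com.example.bank", "FP-OTHER-99"),
    InstalledApp("ipad-01", "com.example.mail", "FP-MAIL-01"),
    InstalledApp("iphone-07", "com.example.mail", "FP-MAIL-01"),
    InstalledApp("iphone-09", "com.example.mail", "FP-OTHER-99"),
    InstalledApp("iphone-09", "com.example.notes", "FP-NOTES-01"),
]

if __name__ == "__main__":
    for device, bundle_id, seen, expected in find_signer_mismatches(INVENTORY, BASELINE):
        print(f"{device}: {bundle_id} signed by {seen}, expected {expected}")
```

A finding means the app on that device should be compared against the legitimate release and, if it does not match, removed as the third step above advises.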