Apple iOS Bug Makes Most Devices Vulnerable to Attack Cybersecurity researchers say the bug enables hackers to access their devices by persuading users to install malicious applications.

By Reuters

This story originally appeared on Reuters

Reuters | Robert Galbraith

Cybersecurity researchers have warned that a bug in Apple Inc's iOS operating system makes most iPhones and iPads vulnerable to cyberattacks by hackers seeking access to sensitive data and control of their devices.

Cybersecurity firm FireEye Inc published details about the vulnerability on its blog Monday, saying the bug enables hackers to access their devices by persuading users to install malicious applications with tainted text messages, emails and web links.

The malicious application can then be used to replace genuine, trusted apps that were installed through Apple's App Store, including email and banking programs, with malicious software through a technique that FireEye has dubbed "Masque Attack."

These attacks can be used to steal banking and email login credentials or other sensitive data, according to FireEye, which is well-regarded in cybersecurity circles for its research.

"It is a very powerful vulnerability and it is easy to exploit," FireEye Senior Staff Research Scientist Tao Wei said in an interview.

Officials with Apple could not be reached for comment.

Wei said that FireEye disclosed the vulnerability to Apple in July and that representatives with the company have said they were working to fix the bug.

News of the vulnerability began to leak out in October on specialized web forums where security experts and hackers alike discuss information on Apple bugs, Wei said.

Wei said that FireEye decided to go public with its findings after Palo Alto Networks Inc last week uncovered the first campaign to exploit the vulnerability, a new family of malicious software known as WireLurker that infects both Mac computers and iOS.

FireEye does not know of other attacks that exploit the bug, Wei said.

"Currently WireLurker is the only one, but we will see more," he said.

FireEye advises iOS users to refrain from install apps from sources other than Apple's official App Store and to not click "install" on a pop-up from a third-party web page.

The security firm said it verified this vulnerability on iOS 7.1.1, 7.1.2, 8.0, 8.1 and 8.1.1 beta, for both jailbroken and non-jailbroken devices.

(Reporting by Jim Finkle; editing by Andrew Hay)

Want to be an Entrepreneur Leadership Network contributor? Apply now to join.

Editor's Pick

Most Popular

See all
Side Hustle

After an Eye-Opening Trip to Home Depot, This Grandfather Started a Side Hustle on Amazon — and Did About $500,000 in Sales Last Year

Joshua White was shopping with his daughter when he recognized a real problem he wanted to solve.

By Amanda Breen
Business News

'Challenges Are Opportunities': Reebok's 89-Year-Old Founder Is Launching the World's First Futuristic AI Shoe

Joe Foster co-founded Reebok in 1958. Now, he's partnering with a 25-year-old entrepreneur to debut what they say is the first commercial shoe made with AI.

By Sherin Shibu
Business News

Apple Settles Lawsuit Accusing Siri of Eavesdropping. Here's Who Can Expect Part of the $95 Million Payout.

Any Siri-enabled device used within the past decade is eligible.

By Sherin Shibu
Real Estate

Should You Take out a Loan for Commercial Real Estate? How to Decide.

When it's time to expand your business, a real estate loan might be your best bet.

By Jared Hecht
Business Ideas

63 Small Business Ideas to Start in 2024

We put together a list of the best, most profitable small business ideas for entrepreneurs to pursue in 2024.

By Eve Gumpel
Devices

A Faster PC Is Just One Click Away—and Just $14.99

Boost speed, free space, and protect privacy with CCleaner.

By Entrepreneur Store