Mobiles & Tablets

Researchers: Apple iOS bug makes most devices vulnerable to attack

Reuters Boston | Updated on November 11, 2014 Published on November 11, 2014

File photo of the presentation of an iPad at Apple headquarters in Cupertino, California. - Reuters

Cybersecurity researchers have warned that a bug in Apple Inc's iOS operating system makes most iPhones and iPads vulnerable to cyberattacks by hackers seeking access to sensitive data and control of their devices.

Cybersecurity firm FireEye Inc published details about the vulnerability on its blog on Monday, saying the bug enables hackers to access their devices by persuading users to install malicious applications with tainted text messages, e-mails and Web links.

The malicious application can then be used to replace genuine, trusted apps that were installed through Apple's App Store, including e-mail and banking programmes, with malicious software through a technique that FireEye has dubbed ‘Masque Attack’.

These attacks can be used to steal banking and e-mail login credentials or other sensitive data, according to FireEye, which is well-regarded in cybersecurity circles for its research.

"It is a very powerful vulnerability and it is easy to exploit," FireEye Senior Staff Research Scientist Tao Wei said in an interview.

Officials with Apple could not be reached for comment.

Wei said that FireEye disclosed the vulnerability to Apple in July and that representatives with the company have said they were working to fix the bug.

News of the vulnerability began to leak out in October on specialised Web forums where security experts and hackers alike discuss information on Apple bugs, Wei said.

Wei said that FireEye decided to go public with its findings after Palo Alto Networks Inc last week uncovered the first campaign to exploit the vulnerability, a new family of malicious software known as WireLurker that infects both Mac computers and iOS.

FireEye does not know of other attacks that exploit the bug, Wei said.

"Currently WireLurker is the only one, but we will see more," he said.

FireEye advises iOS users to refrain from installing apps from sources other than Apple's official App Store and to not click "instal" on a pop-up from a third-party web page.

The security firm said it verified this vulnerability on iOS 7.1.1, 7.1.2, 8.0, 8.1 and 8.1.1 beta, for both jailbroken and non-jailbroken devices.

Published on November 11, 2014

A letter from the Editor


Dear Readers,

The coronavirus crisis has changed the world completely in the last few months. All of us have been locked into our homes, economic activity has come to a near standstill. Everyone has been impacted.

Including your favourite business and financial newspaper. Our printing and distribution chains have been severely disrupted across the country, leaving readers without access to newspapers. Newspaper delivery agents have also been unable to service their customers because of multiple restrictions.

In these difficult times, we, at BusinessLine have been working continuously every day so that you are informed about all the developments – whether on the pandemic, on policy responses, or the impact on the world of business and finance. Our team has been working round the clock to keep track of developments so that you – the reader – gets accurate information and actionable insights so that you can protect your jobs, businesses, finances and investments.

We are trying our best to ensure the newspaper reaches your hands every day. We have also ensured that even if your paper is not delivered, you can access BusinessLine in the e-paper format – just as it appears in print. Our website and apps too, are updated every minute, so that you can access the information you want anywhere, anytime.

But all this comes at a heavy cost. As you are aware, the lockdowns have wiped out almost all our entire revenue stream. Sustaining our quality journalism has become extremely challenging. That we have managed so far is thanks to your support. I thank all our subscribers – print and digital – for your support.

I appeal to all or readers to help us navigate these challenging times and help sustain one of the truly independent and credible voices in the world of Indian journalism. Doing so is easy. You can help us enormously simply by subscribing to our digital or e-paper editions. We offer several affordable subscription plans for our website, which includes Portfolio, our investment advisory section that offers rich investment advice from our highly qualified, in-house Research Bureau, the only such team in the Indian newspaper industry.

A little help from you can make a huge difference to the cause of quality journalism!

Support Quality Journalism
This article is closed for comments.
Please Email the Editor
You have read 1 out of 3 free articles for this week. For full access, please subscribe and get unlimited access to all sections.