App Store vulnerabilities exposed

Share on facebook
Share on twitter
Share on linkedin
Share on email

An iOS vulnerability discovered earlier this year saw malicious apps masquerading as official apps in the App Store.

What happened in these “Masque” attacks was legitimate apps were copied by hackers and modified to contain a library that could steal information from Skype, Twitter, Facebook, iMessage and even login credentials.

The threat was quite serious, but has been patched since iOS 8.1.3, which came out in late January. 

The hacked version of apps asked for more permissions than official apps would
The hacked version of apps asked for more permissions than official apps would

Since the patch rolled out it has become impossible for malicious parties to use a Masque attack as they did previously to get users to install their poisonous software.

So, is everything fine now?

Not entirely. While you can no longer have apps that overwrite other apps in the App Store, hackers can modify identifiers within an app which prompts you to download their malicious software outside of the safety of your App Store.

Hackers seem to be exploiting iOS users exclusively at the moment, but this attack can happen on any mobile operating system.

To ensure your safety, never install apps that are not downloaded through your official app store, and if you’re ever redirected out of your app store to a site you feel is suspicious, back away.

Especially if you’re prompted to install Android on your iPhone…

[youtube http://www.youtube.com/watch?v=dhBdPx53pfQ]
[Image – WCCF Tech, CC 2.0 – Christyam de Lima]

Brendyn Lotz

Brendyn Lotz

Brendyn Lotz writes news, reviews, and opinion pieces for Hypertext. His interests include SMEs, innovation on the African continent, cybersecurity, blockchain, games, geek culture and YouTube.

NEWSLETTER

BE THE FIRST TO KNOW