WireLurker, Masque: Every Apple iOS App Could Be Compromised

Wrong conviction and bad habits

Before introducing the Masque vulnerability and the related attacks, I want to put my analysis in context. The security community is witnessing a rapid rise in the number of attacks against mobile platforms.

The situation appears particularly worrying for the Android platform, for which the number of malware families detected in the last few months has grown exponentially. The principal security firms have also observed an increasingly sophisticated level of attack, and the availability in the underground of the source code of several malware families is creating the conditions for the rapid spread of malicious code.

The situation appears slightly better for Apple iOS devices, for which new malware families such as WireLurker, AdThief and Zorenium have recently been detected.

The principal problems for Apple devices stem from the bad habits of users, who jailbreak their devices to install mobile apps from untrusted sources, opening the door to malicious code.

Another threat to the security of Apple devices is the lack of adoption of security measures by their users, who share the mistaken conviction that Apple systems are immune to malware and other cyber threats. As history has shown, this simply isn’t the case. As long as devices are built to store sensitive information, there will be criminals attempting to exploit those devices by finding vulnerabilities within them.

The Masque attack

The news of recent days is the disclosure of a new critical vulnerability that affects recent versions of Apple iOS, including iOS 7.1.1, 7.1.2, 8.0, 8.1, and 8.1.1 beta. The disclosure arrives a few days after the detection in the wild of a new strain of malware, dubbed WireLurker, by security researchers at Palo Alto Networks.

The researchers at FireEye (Read more...)

*** This is a Security Bloggers Network syndicated blog from InfoSec Resources authored by Pierluigi Paganini. Read the original post at: http://feedproxy.google.com/~r/infosecResources/~3/899oDojS72g/