Express Computer
Home  »  News  »  Apple Inc’s iPhones, iPads under ‘masque attack’ threat: Cyber agency

Apple Inc’s iPhones, iPads under ‘masque attack’ threat: Cyber agency

0 335

Cyber security sleuths have alerted users of ‘Apple’ iphones and ipads against a lurking “masque attack” on their devices that could compromise gadget safety and steal sensitive private information.

In its latest advisory to the users, the Computer Emergency Response Team-India (CERT-In) said, a vulnerability has been reported in Apple iOS which allows any iOS application that is installed using enterprise or ad-hoc provisioning to replace any legitimate iOS application installed through the App Store with any other malicious application.

“This attack is also known as ‘Masque Attack’ technique against Apple iOS. Successful exploitation of this vulnerability could allow remote attacker to steal sensitive information from the device, monitor user activities, gain root privileges on the device and launch further attacks,” the CERT-In advisory said.

The CERT-In is the nodal agency to combat hacking, phishing and to strengthen security-related defences of the Indian Internet domain.

The iOS is the backbone of all operations and apps in various Apple gadgets like iphones, tabs and ipads.
Apple has already asked users to download applications and other information from trusted sources only.

This vulnerability, the agency said, is caused due to iOS not properly enforcing and matching of certificates for apps (applications) with the same identifier.

“A remote attacker could exploit this vulnerability by tricking the victim into installing an application from a source other than the iOS App store or their organisations provisioning system. Attacker could then utilise this application to replace other legitimately installed applications, except iOS preinstalled applications, with any malicious application that uses the bundle identifier of the legitimate application thus bypassing the App Store review process,” it said.

The agency called it a “high” rated threat and said it could affect various versions of the Apple iOS.
The cyber security agency has also suggested some counter-measures in this regard.

“Don’t install apps from third-party sources other than Apple’s official App Store or your own organisation, don’t click ‘install’ on a pop up from a third-party web page, carefully read iOS notification while opening applications and if iOS shows an ‘untrusted App Developer’ alert click on ‘don’t trust’ and uninstall the application immediately,” it recommended.

Get real time updates directly on you device, subscribe now.

Leave A Reply

Your email address will not be published.

LIVE Webinar

Digitize your HR practice with extensions to success factors

Join us for a virtual meeting on how organizations can use these extensions to not just provide a better experience to its’ employees, but also to significantly improve the efficiency of the HR processes
REGISTER NOW 

Stay updated with News, Trending Stories & Conferences with Express Computer
Follow us on Linkedin
India's Leading e-Governance Summit is here!!! Attend and Know more.
Register Now!
close-image
Attend Webinar & Enhance Your Organisation's Digital Experience.
Register Now
close-image
Enable A Truly Seamless & Secure Workplace.
Register Now
close-image
Attend Inida's Largest BFSI Technology Conclave!
Register Now
close-image
Know how to protect your company in digital era.
Register Now
close-image
Protect Your Critical Assets From Well-Organized Hackers
Register Now
close-image
Find Solutions to Maintain Productivity
Register Now
close-image
Live Webinar : Improve customer experience with Voice Bots
Register Now
close-image
Live Event: Technology Day- Kerala, E- Governance Champions Awards
Register Now
close-image
Virtual Conference : Learn to Automate complex Business Processes
Register Now
close-image