A new software bug in all iOS versions 7 and higher allows hackers or attackers to install any fake or malicious app simply by the user clicking a link and following the presented prompt.
The attack can be spread by text message, e-mail, and web links. Once the user clicks the ‘Install’ button an attacker can practically do anything within the phone including stealing precious information(as shown in the cnet video attached). In this circumstance an example has been made where the malicious app installs it’s self over an existing Gmail application. When the user goes to read mail they are asked for a user and password–This user and password is then forwarded over to the attacker.
However, What’s more concerning is how the app can overwrite the existing application and grant the attacker access to your personal information without you ever knowing. This new type of attack is being labeled a ‘Masque Attack’ by FireEye and they say apple was notified of the issue as far back as July of this year.
This is just one of several new security issues that have been recently discovered for iOS. Palo Alto Networks just discovered a security flaw last week that allows installation of unapproved apps to iPhone’s connected via mac computers.
In response to last weeks exploit Apple said that they were unaware of the vulnerability discovered by Palo Alto Networks, and were working on a fix for the issue.
As always, we recommend that users download and install software from trusted sources,” the company said.
Apple has made no other comments regarding these issues. As of today there has been no issued fixes for the problems.
For more information see the attached video below – SOURCE: CNET