The U.S. government’s computer security team has issued a warning to all iPhone and iPad owners to be vigilant while they download apps. A security lacuna in the iOS 7 and iOS 8 allows hackers to send updates impersonating as apps on their phones.
Mobile security researchers at FireEye have informed that Apple is aware of the lacuna in its iOS 7 and iOS 8 since July 26th. FireEye published the details of security lacuna and has also named it “Masque Attack.” Apple has not responded to requests for comment and additional request for comment was sent again. Apple has only reiterated that users should download the apps from reliable sources
FireEye has detailed the modus operandi of the Masque Attack which works by exploiting a security lacuna in the iOS to ensure matching certificates on the apps which have the same bundle identifier. A bundle identifier is the code that iOS uses to recognize updates to a particular app.