Rediff.com« Back to articlePrint this article

Bug in Apple's iOS can let hackers steal data

November 14, 2014 19:30 IST

Image: A customer holds an iPhone 6 on display at the Fifth Avenue Apple store.
Photograph
: Adrees Latif/Reuters

The US government warned iPhone and iPad users on Thursday to be on the alert for hackers who may exploit a vulnerability in Apple Inc's iOS operating system that would enable them to steal sensitive data.

There was the potential for hacks using a newly identified technique known as the "Masque Attack," the government said in an online bulletin from the National Cybersecurity and CommunicationsIntegrationCenter and the US Computer Emergency Readiness Teams.

The network security company, FireEye Inc, disclosed the vulnerability behind the "Masque Attack" earlier this week, saying it had been exploited to launch a campaign dubbed "WireLurker" and that more attacks could follow.

Hackers could potentially steal login credentials, access sensitive data stored on iOS devices and remotely monitor activity on those devices, the government said.

Image: A woman holds up the iPhone 6 Plus at the Apple Store.
Photograph
: Yuya Shino/Reuters

Such attacks could be avoided if iPad and iPhone users only installed apps from Apple's App Store or from their own organizations, it said.

"We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software.

We're not aware of any customers that have actually been affected by this attack," Apple said in an emailed statement to Reuters.

Users should not click "Install" from pop-ups when surfing the web. If iOS flashes a warning that says "Untrusted App Developer," users should click on "Don't Trust" and immediately uninstall the app, the bulletin said.

Jim Finkle
Source: REUTERS
© Copyright 2024 Reuters Limited. All rights reserved. Republication or redistribution of Reuters content, including by framing or similar means, is expressly prohibited without the prior written consent of Reuters. Reuters shall not be liable for any errors or delays in the content, or for any actions taken in reliance thereon.