Security Architecture, Endpoint/Device Security, Endpoint/Device Security, Security Strategy, Plan, Budget, Vulnerability Management, Endpoint/Device Security, Endpoint/Device Security, Endpoint/Device Security

FireEye shares details on ‘Masque Attack II’ affecting iOS devices

FireEye has detailed an iOS hack dubbed “Masque Attack II,” a second attack in a series of four that threaten security of Apple devices.

The first Masque Attack, uncovered in November, allowed miscreants to steal user data from app caches, but FireEye explains that Masque Attack II give hackers the means to bypass the iOS prompt for trust and carry out app URL scheme hijacking which could lead to phishing attacks, a Thursday blog post explained.

Apple's iOS 8.1.3 security update secured devices against one part of Masque Attack II, which bypasses an iOS security mechanism (used to confirm that users trust enterprise-signed apps they are opening for the first time).  But FireEye noted that fixing the URL scheme hijacking issue “may not be easy for Apple,” due to the way the App Store handles URL scheme sharing amongst apps by different developers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.