Apple Masque Attack

Masque Attack exploits a flaw in Apple’s OSes that allows the replacement of one app by another so long as both apps use the same bundle identifier. All apps, except those preinstalled on iOS, such as Mobile Safari, can be replaced. The fake apps can access the original app’s local data, including log-in tokens. Among other things, they let attackers log into and loot victims’ bank accounts. The attacks work because iOS does not enforce matching certificates for apps with the same bundle identifier. FireEye researchers verified the vulnerability on both jailbroken and regular iOS devices on iOS 7.1.1, 7.1.2, 8.0, 8.1 and 8.1.1 beta. Attackers can leverage the vulnerability through wireless networks or USB ports. “Because all the existing standard protections or interfaces by Apple cannot prevent such an attack, we are asking Apple to provide more powerful interfaces to professional security vendors.” These attacks can be avoided by not downloading any apps from outside the Apple store.
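
The check that is missing at install time can still be made afterwards by a defender. The following is an added example, not code from the article or from FireEye: a Python audit that compares two app inventory snapshots of one device and flags any bundle identifier whose signing certificate changed. The record fields, bundle identifiers and certificate fingerprints are constructed assumptions, not output of any real inventory tool.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class AppRecord:
    bundle_id: str        # e.g. the CFBundleIdentifier reported for the app
    cert_sha256: str      # fingerprint of the signing certificate (constructed)
    from_app_store: bool  # assumed field: how the app reached the device


def audit(baseline, current):
    """Compare two inventory snapshots of one device and return findings.

    Each finding is (bundle_id, reason). "signer-changed" is the comparison
    the article says iOS did not enforce when one app replaced another.
    """
    known = {app.bundle_id: app for app in baseline}
    findings = []
    for app in current:
        before = known.get(app.bundle_id)
        if before is not None and before.cert_sha256 != app.cert_sha256:
            # Same bundle identifier, different signer: the replaced-app case.
            findings.append((app.bundle_id, "signer-changed"))
        elif not app.from_app_store:
            # Not a replacement, but installed from outside the store.
            findings.append((app.bundle_id, "not-from-app-store"))
    return sorted(findings)


# Constructed sample snapshots (all values are made up for illustration).
BASELINE = [
    AppRecord("com.example.bank", "aa11" * 16, True),
    AppRecord("com.example.mail", "bb22" * 16, True),
]
CURRENT = [
    AppRecord("com.example.bank", "ee55" * 16, False),  # same id, new signer
    AppRecord("com.example.mail", "bb22" * 16, True),   # unchanged
    AppRecord("com.example.game", "cc33" * 16, False),  # new, outside the store
]

if __name__ == "__main__":
    for bundle_id, reason in audit(BASELINE, CURRENT):
        print(f"{bundle_id}: {reason}")
```

A "signer-changed" finding on an app that holds log-in tokens is the case to treat as an incident, since the replacement can read the original app's local data.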