Apple customers are being warned by computer security experts, including the United States government’s own cyber squad, to watch out for a new bug affecting iOS devices like the iPhone and iPad.

The US Computer Emergency Readiness Team, or US-CERT, said Thursday that users of mobile phones and tablets running Apple’s latest iOS software should be careful of what they click. A so-called “masque attack” is taking users by storm, tricking iPhone and iPad owners into installing malicious software resembling legitimate applications but actually embedded with code that could compromise an entire device.

“This attack works by luring users to install an app from a source other than the iOS App Store or their organizations’ provisioning system,” US-CERT explained. From there, the fake app may let a hacker control the infected device and “access sensitive data from local data caches,” “perform background monitoring of the user’s device” and “gain root privileges to the iOS device.”

The exploit was discussed earlier in the week by security experts at the firm FireEye, who said they informed Apple of the vulnerability on July 26 but believe new versions of iOS can still be exploited as part of a new masque attack hacking campaign they’ve dubbed “WireLurker.”

“Masque Attacks can replace authentic apps, such as banking and email apps, using attacker’s malware through the Internet. That means the attacker can steal user’s banking credentials by replacing an authentic banking app with a malware that has identical UI. Surprisingly, the malware can even access the original app’s local data, which wasn’t removed when the original app was replaced. These data may contain cached emails, or even login-tokens which the malware can use to log into the user’s account directly,” FireEye warned.

“We have confirmed this attack with email apps where the malware can steal local caches of important emails and upload them to [a] remote server,” FireEye said.

source: RT