From DarkReading:
New Attack Method Can Hit 95% Of iOS Devices
"Masque works by convincing users to download an app with a tricky name and then using that install to replace a legitimate app with the same bundle identifier name. There are a number of attack implications from this method. First of all, attackers could mimic the original app's login interface to steal credentials and upload them remotely. Secondly, the data under the original app's directory remains in the malware's local directory after the switch, allowing for further data theft. Additionally, an attacker can use the Masque Attack to bypass the app sandbox and get root privileges by attacking known iOS vulnerabilities."
No comments:
Post a Comment