IOS users typically get to cruise by, because Apple’s closed system offers a significant amount of protection against malware and breaches. However, the world is getting a lot more dangerous for consumers and businesses that rely on Apple gadgets. Two different security firms have revealed a worrisome vulnerability and a malware attack that target Apple technology exclusively. Masque Attack is a vulnerability that allows the replacement of legitimate apps with malicious ones, which then collect personal information about users. And WireLurker is a trojan that infects Apple computers, spreading to iOS devices when they are plugged into an infected machine. These findings serve as an unwelcome reminder for many IT departments and private consumers – you better be proactive about your tech security, because the threats are out there.
Two practices that companies need to be wary of are plugging iPhones into unauthorized computer and downloading apps from non-official sources. A tech security company known as FireEye broke the news about the Masque Attack vulnerability on November 10 in a blog post. Essentially, there was a flaw in Apple’s ad-hoc provisioning profile process, which allowed apps to slip by the verification process if they have the same bundle identifier as another legitimate app.
A malicious party could exploit this vulnerability by installing malware onto an iPhone, which wouldn’t be detected by your company’s Mobile Device Management software. FireEye demonstrated the vulnerability by installing an app in-house, which posed as “New Flappy Bird.” Since the fake app shared the same bundle identifier as the phone’s Gmail app, the installation was able to go through without any impedance.
The second major iOS concern to be unveiled recently is WireLurker, a truly insidious trojan that targets Mac computers and iOS devices. This malware was discovered by Palo Alto Networks, which published a full report of the threat. Palo Alto Networks traced the threat back to a third-party app store in China, which contained hundreds of infected Mac applications. Once users installed these apps, their computers became infected with the WireLurker trojan. However, the threat didn’t stop there. Once users plugged their iOS devices into their computers, they spread WireLurker onto the iPhones and iPads. Once installed on iOS devices, cyber criminals would be able to snoop on users’ Messages and contact information.
Business Insider confirmed on November 6 that Apple was able to “shut down” the threat posed by WireLurker. PC World also reports that Chinese authorities have arrested a few people who might be connected with the creation of WireLurker.
So how should businesses safeguard their technology in the wake of these vulnerabilities and malware threats? Well, IT departments can start by enforcing regular iOS updates on in-house technology and BYOD devices. Your company can also promote best practices at work by encouraging employees to steer clear of unauthorized apps or untrustworthy certificates.
The WireLurker threat also highlights a practice that should already be used in the workplace – be careful what you’re plugging into computers. IOS devices, flash drives, and other portable devices plugged into work computers could potentially spread malware or become infected.
This article was syndicated from Business 2 Community: Latest iOS Attacks to Be Aware Of
More Technology & Innovation articles from Business 2 Community: