A hotbed for information plagiarists, iOS reveals the Masque Attack vulnerability

Recently, the cybersecurity company FireEye announced an iOS system vulnerability called "Masque Attack". Attackers can trick iPhone and iPad users into installing malicious applications through text messages, emails and web links, and then use this vulnerability to implant malicious applications into user devices, replacing existing applications to obtain users' bank accounts, email accounts and other sensitive data. In addition, they can even use this vulnerability to gain control of these devices.

In addition to text messages, emails, and web links, third-party markets have also become one of the important places for hackers to exploit this vulnerability. Because these third-party markets do not have as strict review standards as the Apple Store, attackers are more likely to use this to spread these malicious applications.

FireEye pointed out that the reason for Masque Attack is that the iOS system does not enforce the verification of certificates of applications with the same "binding identifier". In other words, as long as one application has the same binding identifier as other applications, it can cover another application. This is why attackers need to implant malicious applications in the attacked device.

FireEye also stated that they had submitted the vulnerability to Apple on July 26, and chose to disclose it now mainly because they found that the malicious application WireLurker that had spread on Mac and iOS platforms was related to this vulnerability.

Coincidentally, security researcher Jonathan Zdziarski also said in his blog that the pairing mechanism of iOS is the culprit for the proliferation of malicious applications because it allows more complex variants to easily spread on Apple devices. From his explanation, WireLurker's attack method is the same as that of Masque Attack.

Apple has stopped the spread of WireLurker in time, but according to data from security company Palo Alto Networks, 467 infected apps had been downloaded 356,104 times in the past six months before Apple stopped it, affecting tens of thousands of users. Since there is no news that Apple has fixed this vulnerability, there may be more similar attacks in the future.

However, although the impact of the Masque Attack vulnerability is very large, it is not unavoidable. Because it mainly relies on malicious applications to obtain user information, iOS users only need to avoid installing applications from non-Apple official app stores and do not install applications on pop-up third-party web pages.