Another shocking vulnerability in iOS: iPhone, iPad, etc. are dead

Cybersecurity researchers have warned that Apple's iOS operating system puts most iPhones and iPads at risk of being attacked by hackers who seek to break into iOS devices to gain access to sensitive information and take control of them.

Cybersecurity firm FireEye published details of the iOS vulnerability on its blog on Monday, saying hackers could hack into iOS devices by tricking users into installing malicious apps that contain infected text messages, emails and web links.

Hackers can then use malicious apps to replace authentic apps installed through Apple's App Store (such as email and banking-related programs) and implant malware through a technique FireEye calls "Masque Attack."

FireEye said the attack could be used to steal passwords for bank accounts or email accounts or other sensitive data.

“It’s a very powerful vulnerability and it’s very easy to exploit,” Wei Tao, a senior research scientist at FireEye, a company that has a reputation for its research in the cybersecurity industry, said in an interview.

Apple officials did not immediately respond to requests for comment.

Wei Tao said that FireEye had disclosed the existence of the vulnerability to Apple in July, and that Apple representatives had said it was working on fixing the vulnerability.

Wei Tao also said that last month, news about the vulnerability began to leak on some specialized online forums, which are used by network security experts and hackers to discuss information related to Apple's vulnerability.

Wei Tao said FireEye decided to release the research results to the public because Palo Alto Networks discovered the first attack using the vulnerability last week. The hackers used a new malware called "WireLurker" in the attack, which can infect both Macs and iOS devices.

Wei Tao said FireEye is not aware of any other hacker attacks that have also exploited this vulnerability. He said: "WireLurker is the only malware discovered so far, but there will be more in the future."

FireEye recommends that iOS users only download and install apps through Apple's official App Store and not click on the "Install" button that pops up from third-party web pages.

FireEye said it found the vulnerability in iOS 7.1.1, 7.1.2, 8.0, 8.1 and 8.1 beta, both jailbroken and non-jailbroken versions.

As a winner of Toutiao's Qingyun Plan and Baijiahao's Bai+ Plan, the 2019 Baidu Digital Author of the Year, the Baijiahao's Most Popular Author in the Technology Field, the 2019 Sogou Technology and Culture Author, and the 2021 Baijiahao Quarterly Influential Creator, he has won many awards, including the 2013 Sohu Best Industry Media Person, the 2015 China New Media Entrepreneurship Competition Beijing Third Place, the 2015 Guangmang Experience Award, the 2015 China New Media Entrepreneurship Competition Finals Third Place, and the 2018 Baidu Dynamic Annual Powerful Celebrity.