iOS leak: Masque Attack

http://www.mercurynews.com/business/ci_26907457/apple-mobile-devices-vulnerable-app-attack-fireeye-says

MILPITAS -- Apple mobile devices can leak users' information through an attack using apps distributed outside the company's App Store, a prominent Silicon Valley security company disclosed Monday.

FireEye announced in a blog post that it told Apple in July that devices using its iOS mobile operating system, such as the iPhone and iPad, were vulnerable to an assault it termed "Masque Attack." However, FireEye researchers said Apple has been unable to work around the issue.

"Because all the existing standard protections or interfaces by Apple cannot prevent such an attack, we are asking Apple to provide more powerful interfaces to professional security vendors to protect enterprise users from these and other advanced attacks," the researchers wrote.

Apple's iPhone 6 (R) and iPhone 6 Plus (L) phones are shown together at a Verizon store in Orem, Utah on September 18, 2014. (George Frey/Getty Images)

FireEye found that hackers could offer a mobile app through the Web that would mimic a legitimately downloaded application on a user's device, siphoning important information such as login information or emails. An example provided showed that a third-party app called "New Flappy Bird" could replace the Gmail app and access cached emails, using the same "bundle identifier" that Apple uses for the Gmail app.

FireEye said the WireLurker vulnerability disclosed last week by rival Palo Alto Networks, in which a Mac app downloaded from a third-party software store infected connected iOS apps, utilized a form of the Masque Attack vulnerability.


"Masque Attacks can pose much bigger threats than WireLurker," researchers wrote. "Masque Attacks can replace authentic apps, such as banking and email apps, using attacker's malware through the Internet. That means the attacker can steal users' banking credentials by replacing an authentic banking app with malware that has (an) identical (user interface)."

Researchers were also surprised to learn that Masque Attack can access information stored in apps even after the malware has replaced the original app. Factory-installed apps such as Apple's Safari browser don't seem to be susceptible, but any app downloaded from Apple's App Store can be cloned, FireEye said.

FireEye offered three ways to avoid being a victim of the Masque Attack vulnerability: Do not download any apps that do not come from the App Store or a user's organization, such as an employer; don't install apps offered on pop-ups from third-party websites; and if iOS alerts a user about an "Untrusted App Developer," click "Don't Trust" on the alert and immediately uninstall the app.
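
As an added example (not from the article or from FireEye), the check below diffs two constructed app-inventory snapshots of one device and flags a bundle identifier whose app came from the App Store or the organization before and from somewhere else afterwards, which is the replacement pattern described above. The `App` record, its `source` values and the sample bundle identifiers are assumptions made for illustration.

```python
from dataclasses import dataclass

# Sources the advice above accepts: the App Store and the user's own organization.
TRUSTED_SOURCES = {"app_store", "organization"}

@dataclass(frozen=True)
class App:
    bundle_id: str   # identifier shared by the original app and its replacement
    name: str        # display name; the replacement need not keep the original's name
    source: str      # hypothetical field: app_store | organization | preinstalled | web

def masque_findings(before, after):
    """Diff two inventory snapshots of one device.

    Returns (severity, bundle_id, reason) tuples, in the order of `after`.
    """
    previous = {app.bundle_id: app for app in before}
    findings = []
    for app in after:
        # Factory-installed apps were reported as not susceptible; trusted sources pass.
        if app.source == "preinstalled" or app.source in TRUSTED_SOURCES:
            continue
        old = previous.get(app.bundle_id)
        if old is not None and old.source in TRUSTED_SOURCES:
            # Same bundle identifier, provenance changed: the replacement pattern.
            findings.append(("high", app.bundle_id,
                             f"{old.name!r} ({old.source}) replaced by "
                             f"{app.name!r} ({app.source})"))
        else:
            findings.append(("medium", app.bundle_id,
                             f"{app.name!r} installed from untrusted source {app.source!r}"))
    return findings

# Constructed sample snapshots (not real device data).
BEFORE = [
    App("com.google.Gmail", "Gmail", "app_store"),
    App("com.apple.mobilesafari", "Safari", "preinstalled"),
    App("com.example.corp.expenses", "Expenses", "organization"),
]
AFTER = [
    App("com.google.Gmail", "New Flappy Bird", "web"),
    App("com.apple.mobilesafari", "Safari", "preinstalled"),
    App("com.example.corp.expenses", "Expenses", "organization"),
    App("com.example.game", "Free Game", "web"),
]

if __name__ == "__main__":
    for finding in masque_findings(BEFORE, AFTER):
        print(*finding, sep=" | ")
```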

Cupertino-based Apple did not respond to an email request for comment.

Apple stock dropped 0.2 percent to $108.83 Monday, while FireEye shares gained 5.8 percent to $32.39,
