A newly discovered bug in Apple's recent iOS update has been associated with the use of fake applications to hack into Apple devices and obtain private and sensitive information.
With such capabilities, users are tricked into installing such malware which then replaces the genuine applications.
According to American mobile security firm FireEye, these fake apps are downloaded automatically in iPhones and iPads when users read a text message or open a link.
By having the same file name, hackers can easily allow fake apps to replace Apple-approved ones from the App Store, except for Safari and other pre-installed programs. Once these have been installed, such apps can extract personal data which can then be sent to hackers without users knowing it, termed by FireEye as a "masque attack."
This can occur when users receive a text or email with a link to download and install a certain version of an app. Once clicked, the user will be prompted to confirm app installation, allowing the fake and malicious version of the app to be downloaded.
A fake app for Gmail, for instance, will allow hackers to obtain access to personal information and financial data that have been stored on the Apple device.
According to FireEye, this poses significant threats to security because of the malware's subtleness and the users' lack of awareness and knowledge in terms of clicking on malicious links.
iPhones and iPads running on iOS 7.1.1 or 7.1.2 as well as iOS 8.0 or 8.1 should keep a lookout as these are most vulnerable to the said malware. Rebooting one's device will not put a stop to the fake apps obtaining personal data.
FireEye already relayed the issue to Apple last July, which was then publicized last Monday following Palo Alto Networks discussion of such discovery last week.
"We consider it urgent to let the public know, since there could be existing attacks that haven't been found by security vendors," FireEye stated.
Apple has already responded that the company is acknowledging the issue and has been working on how to fix the bug.
"As always, we recommend that users download and install software from trusted sources," the tech giant suggested.
