The US Computer Emergency Readiness Team warned Apple customers about a new bug affecting iOS devices that reportedly allows hackers to obtain sensitive information about their iPhones or iPads.
The US-Cert said the iOS users should be wary of "Masque Attack" that was recently discovered by FireEye. The government-owned cyber squad said that Apple customers should be careful of what they click because the new security threat tricks iOS users to install malicious applications.
"This attack works by luring users to install an app from a source other than the iOS App Store or their organizations' provisioning system," the US-Cert said in a statement. "In order for the attack to succeed, a user must install an untrusted app, such as one delivered through a phishing link."
The cyber squad added that the hackers might mimic the user interface (UI) of a legitimate app to obtain login credentials and sensitive data from the device. According to FireEye, this technique could put a user's bank and email accounts in jeopardy using fake email and banking applications.
"Attacker can steal user's banking credentials by replacing an authentic banking app with a malware that has identical UI," FireEye warned. "Surprisingly, the malware can even access the original app's local data, which wasn't removed when the original app was replaced. These data may contain cached emails, or even login-tokens which the malware can use to log into the user's account directly."
In order to avoid being attacked by Hackers, the US-Cert suggested that iOS device owners should not install applications that are not from the official Apple App Store.
Apple customers should also avoid clicking "Install" links from third-party pop-up when browsing web pages. And if given an "Untrusted App Developer" alert, iPhone and iPad owners should immediately click "Don't Trust" and uninstall the application immediately.
FireEye said that they alerted Apple about the big on July 26, but recent tests conducted by security experts revealed that the latest versions of iOS are still vulnerable to such attacks.
