news aggregator

TA14-317A: Apple iOS "Masque Attack" Technique

US-CERT - Thu, 2014-11-13 09:17
Original release date: November 13, 2014

Systems Affected

iOS devices running iOS 7.1.1, 7.1.2, 8.0, 8.1, and 8.1.1 beta.

Overview

A technique labeled “Masque Attack” allows an attacker to substitute malware for a legitimate iOS app under a limited set of circumstances.

Description

Masque Attack was discovered and described by FireEye mobile security researchers.[1] This attack works by luring users to install an app from a source other than the iOS App Store or their organizations’ provisioning system. In order for the attack to succeed, a user must install an untrusted app, such as one delivered through a phishing link.  

This technique takes advantage of a security weakness that allows an untrusted app—with the same “bundle identifier” as that of a legitimate app—to replace the legitimate app on an affected device, while keeping all of the user’s data. This vulnerability exists because iOS does not enforce matching certificates for apps with the same bundle identifier. Apple’s own iOS platform apps, such as Mobile Safari, are not vulnerable.

Impact

An app installed on an iOS device using this technique may:

  • Mimic the original app’s login interface to steal the victim’s login credentials.
  • Access sensitive data from local data caches.
  • Perform background monitoring of the user’s device.
  • Gain root privileges to the iOS device.
  • Be indistinguishable from a genuine app.

Solution

iOS users can protect themselves from Masque Attacks by following three steps:

  1. Don’t install apps from sources other than Apple’s official App Store or your own organization.
  2. Don’t click “Install” from a third-party pop-up when viewing a web page.
  3. When opening an app, if iOS shows an “Untrusted App Developer” alert, click on “Don’t Trust” and uninstall the app immediately.

Further details on Masque Attack and mitigation guidance can be found on FireEye’s blog [1]. US-CERT does not endorse or support any particular product or vendor.

References

Revision History

  • November 13, 2014: Initial Release



Categories: news, security

ISPs Blocking TLS Encryption

Schneier on Security - Thu, 2014-11-13 08:10
It's not happening often, but it seems that some ISPs are blocking STARTTLS messages and causing web encryption to fail. EFF has the story....
Categories: security

EFF Calls Out ISPs Modifying STARTTLS Encryption Commands

LinuxSecurity.com - Thu, 2014-11-13 04:23
LinuxSecurity.com: As Net Neutrality debates swirl, privacy advocates at the Electronic Frontier Foundation and VPN provider Golden Frog have gone public with a Federal Communications Commission filing that got more attention for accusations that Verizon FIOS customers were having their Netflix streaming service throttled back.
Categories: linux, news, security

Hacker Lexicon: What Is a Zero Day?

LinuxSecurity.com - Thu, 2014-11-13 04:21
LinuxSecurity.com: Zero day actually refers to two things: a zero-day vulnerability or a zero-day exploit. Zero-day vulnerability refers to a security hole in software, such as browser software or operating system software, that is yet unknown to the software maker or to antivirus vendors.
Categories: linux, news, security

Ubuntu: 2409-1: QEMU vulnerabilities

LinuxSecurity.com - Thu, 2014-11-13 03:43
LinuxSecurity.com: Several security issues were fixed in QEMU.
Categories: linux, news, security

PHP 5.6.3 is available

php.net - Thu, 2014-11-13 00:00
The PHP development team announces the immediate availability of PHP 5.6.3. This release fixes several bugs and one CVE in the fileinfo extension. All PHP 5.6 users are encouraged to upgrade to this version. For source downloads of PHP 5.6.3, please visit our downloads page; Windows binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.
Categories: news, PHP

PHP 5.5.19 is available

php.net - Thu, 2014-11-13 00:00
The PHP development team announces the immediate availability of PHP 5.5.19. This release fixes several bugs and one CVE in the fileinfo extension. All PHP 5.5 users are encouraged to upgrade to this version. For source downloads of PHP 5.5.19, please visit our downloads page; Windows binaries can be found on windows.php.net/download/. The list of changes is recorded in the ChangeLog.
Categories: news, PHP

Red Hat: 2014:1852-01: flash-plugin: Critical Advisory

LinuxSecurity.com - Wed, 2014-11-12 14:46
LinuxSecurity.com: An updated Adobe Flash Player package that fixes multiple security issues is now available for Red Hat Enterprise Linux 5 and 6 Supplementary. Red Hat Product Security has rated this update as having Critical security
Categories: linux, news, security

An Introduction to OpenGL Programming

Linux Journal - Wed, 2014-11-12 14:01

OpenGL is a well-known standard for generating 3-D as well as 2-D graphics that is extremely powerful and has many capabilities. OpenGL is defined and released by the OpenGL Architecture Review Board (ARB).

This article is a gentle introduction to OpenGL that will help you understand drawing using OpenGL.

Categories: linux, news, open source

Debian: 3050-3: iceweasel: Summary

LinuxSecurity.com - Wed, 2014-11-12 10:46
LinuxSecurity.com: Security Report Summary
Categories: linux, news, security

Narrowly Constructing National Surveillance Law

Schneier on Security - Tue, 2014-11-11 15:13
Orin Kerr has a new article that argues for narrowly constructing national security law: This Essay argues that Congress should adopt a rule of narrow construction of the national security surveillance statutes. Under this interpretive rule, which the Essay calls a "rule of lenity," ambiguity in the powers granted to the executive branch in the sections of the United States...
Categories: security
