iPhone & iPad users at risk of Masque Attack II iOS hack


iPad and iPhone users are being warned about the discovery of the Masque Attack II iOS hack, which could potentially leave their data open to theft.

FireEye researchers Hui Xue, Zhaofeng Chen, Song Jin, Yulong Zhang and Tao Wei discovered the first edition of the Masque flaw last November, which could allow malicious apps to replace existing enterprise ones on devices. Now the researchers have discovered a sequel.

The group explained in a blog post: "We find that when calling an iOS URL scheme, iOS launches the enterprise-signed app registered to handle the URL scheme without prompting for trust. It doesn't matter whether the user has launched that enterprise-signed app before."

FireEye said that even if the user always clicks 'Don't Trust' for such apps, iOS still launches the enterprise-signed app directly when its URL scheme is called, which could cause unexpected results.

"In other words, when the user clicks on a link in SMS, iOS Mail or Google Inbox, iOS launches the target enterprise-signed app without asking for the user's 'Trust' or even ignoring the user's 'Don't Trust'," they continued.

This could force a malicious version of a real, safe enterprise app to launch instead, potentially allowing hackers to steal confidential data or corrupt the device.

FireEye is urging iOS users to be cautious when clicking on unknown links, especially if they are sent to their device by SMS, email or MMS.

"Users should update devices to 8.1.3 as soon as possible to mitigate the risk as much as possible," the company said. "Apple suggested defending against Masque Attack by the aid of the 'Don't Trust' prompt. We notified Apple that this was inadequate."

Clare Hopping
Freelance writer