Vulnerability leaves iPhones open to fake app attack
Security researchers have discovered a vulnerability in iPhones and iPads that allows attackers to install fake apps that take the place of legitimate ones.
FireEye, a mobile security company based in California, said the problem, which it calls “Masque Attack,” allows attackers to potentially gain access to vast amounts of personal information.
In a video demonstration of the attack, an iPhone was sent a URL to install a new version of the “Flappy Bird” game. When the link was clicked, the phone asked the user to confirm installation of the game, but upon that confirmation what was actually downloaded and installed was a compromised version of the Gmail app.