Experts in the field of information security from FireEye alert that the iPhone and iPad, working on older versions of iOS, exposed to three new variants of Masque attacks that allow attackers to compromise the victim’s device with the help of malicious applications.
The vulnerability, which FireEye has named Manifest Masque Masque and the Extension (CVE-2015-3722 and CVE-2015-3725), allow attackers to install malicious apps on the device and pass them off as legitimate. The attackers, thus, can attack normal apps downloaded from official App Store, or even system apps, such as: Apple Watch, Apple Pay, App Store, Safari and Settings. The vulnerabilities allow attackers to crack the application container data.
Experts also reported is already fixed but not documented vulnerabilities, which they gave the name of the Plugin Masque. This vulnerability allows an attacker to bypass security restrictions iOS and intercept the VPN traffic. Experts FireEye said that one-third of users of iOS devices have not updated them to version 8.1.3, which fixed a vulnerability Plugin Masque, though it came out five months ago, and the device is still susceptible to all three vulnerabilities.
All vulnerabilities fixed in the update version of iOS 8.4, so users are urged to upgrade to the latest OS version.