The U.S. government warned Apple gadget owners Thursday to look out for hackers exploiting a newly revealed vulnerability in the mobile operating system iOS.
The so-called “Masque Attack” was disclosed earlier this week by the network security firm FireEye and allows a hacker to replace an iOS app with malware, according to an alert posted on the website of the U.S. Computer Emergency Readiness Team, which operates under the Department of Homeland Security.
“This technique takes advantage of a security weakness that allows an untrusted app—with the same “bundle identifier” as that of a legitimate app—to replace the legitimate app on an affected device, while keeping all of the user’s data,” the warning states. “This vulnerability exists because iOS does not enforce matching certificates for apps with the same bundle identifier.”
The agency warns iOS users not to install apps from sources other than Apple’s official app store or their own organizations, among other precautions.