A second dangerous flaw in Apple's iOS operating system, codenamed Masque Attack II, is leaving enterprise iPhone and iPad users open to attack, according to research from FireEye.
FireEye researchers Hui Xue, Zhaofeng Chen, Song Jin, Yulong Zhang and Tao Wei reported uncovering the flaw in a threat advisory, seen by V3.
"In November of last year, we uncovered a major flaw in iOS we dubbed 'Masque Attack' that allowed for malicious apps to replace existing, legitimate ones on an iOS device via SMS, email or web browsing," read the advisory. "Today, we are sharing Masque Attack II."
Jason Steere, director of technology strategy at FireEye, told V3 that Masque Attack II is more dangerous as it is capable of "bypassing iOS prompts for trust and iOS URL scheme hijacking".
Apple fixed the first flaw in iOS 8.1.3, although earlier versions are still vulnerable. The iOS URL scheme problem reportedly stems from the way the OS lets apps communicate with one another.
"We find that when calling an iOS URL scheme, iOS launches the enterprise-signed app registered to handle the URL scheme without prompting for trust. It doesn't matter whether the user has launched that enterprise-signed app before," read the threat paper.
"Even if the user has always clicked 'Don't Trust', iOS still launches that enterprise-signed app directly on calling its URL scheme.
"In other words, when the user clicks on a link in SMS, iOS Mail or Google Inbox, iOS launches the target enterprise-signed app without asking for the user's 'Trust' or even ignoring the user's 'Don't Trust'."
The flaw means that hackers could theoretically force an iOS device to launch a malicious version of a legitimate app instead of the intended one.
Steere said that the ability is troubling as it could be used by criminals to target enterprise customers in several ways.
"By crafting and distributing an enterprise-signed malware that registers app URL schemes identical to the ones used by legitimate popular apps, an attacker may hijack legitimate apps' URL schemes and mimic their UI to carry out phishing attacks, e.g. stealing the log-in credentials for banking fraud or social media hijacking," he said.
The FireEye director urged Apple device users to take a variety of protective measures against Masque Attack II.
"Users of iOS devices should be careful about the SMS, MMS and email links they click on to ensure they are not being taken to a possible malicious app. Users should update devices to 8.1.3 as soon as possible to mitigate the risk as much as possible," he said.
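A defender-side check for the URL scheme collision described above, added here as an example and not taken from FireEye's advisory: it reads the `CFBundleURLTypes` / `CFBundleURLSchemes` entries of an app's Info.plist and flags schemes claimed by a bundle other than the expected owner. The scheme inventory, bundle IDs and sample plists are constructed placeholders.

```python
import plistlib

# Constructed inventory: URL scheme -> bundle ID expected to own it.
# All names here are placeholders, not real apps.
EXPECTED_OWNERS = {
    "examplebank": "com.example.bank",
    "examplemail": "com.example.mail",
}

def declared_schemes(info_plist: bytes):
    """Return (bundle_id, lower-cased URL schemes) declared in an Info.plist."""
    info = plistlib.loads(info_plist)  # accepts XML and binary plists
    schemes = set()
    for url_type in info.get("CFBundleURLTypes", []):
        for scheme in url_type.get("CFBundleURLSchemes", []):
            schemes.add(scheme.lower())  # URL schemes are case-insensitive
    return info.get("CFBundleIdentifier", ""), schemes

def scheme_collisions(info_plist: bytes, owners=EXPECTED_OWNERS):
    """List (scheme, declaring_bundle, expected_owner) for every scheme
    claimed by a bundle that is not the expected owner."""
    bundle_id, schemes = declared_schemes(info_plist)
    return sorted(
        (s, bundle_id, owners[s])
        for s in schemes
        if s in owners and owners[s] != bundle_id
    )

def make_plist(bundle_id, schemes):
    """Build a minimal constructed Info.plist for the samples below."""
    return plistlib.dumps({
        "CFBundleIdentifier": bundle_id,
        "CFBundleURLTypes": [{"CFBundleURLSchemes": list(schemes)}],
    })

# Constructed samples: an in-house app reusing another app's scheme, and the owner.
SUSPECT = make_plist("com.example.enterprise.tool", ["ExampleBank", "internaltool"])
LEGIT = make_plist("com.example.bank", ["examplebank"])

if __name__ == "__main__":
    for name, blob in (("suspect", SUSPECT), ("legit", LEGIT)):
        print(name, scheme_collisions(blob))
```

Run against the Info.plist of each enterprise-signed app before it is distributed or during an MDM inventory review; any non-empty result warrants a manual look at the app.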
The FireEye researchers chose to disclose the bug publicly after Apple declined to take action following their private disclosure.
"Apple suggested defending against Masque Attack by the aid of the 'Don't Trust' prompt. We notified Apple that this was inadequate," read the advisory.
Masque II is not the first time FireEye researchers have criticised Apple's security practices.
V3 contacted Apple for a response to the FireEye report but had received no reply at the time of publication.
Dave Merkel, FireEye CTO, said in October that Apple and its users labour under a false belief that they are immune to cyber attacks.