Security researchers say they've discovered a vulnerability in Apple's software, called “Masque Attack,” that hackers could use to steal sensitive information from iPhones or iPads by tricking device owners into downloading a malicious app.
The app can be designed to look like an update for a legitimate app the owner is already using for email, banking or other purposes, according to researchers at the FireEye cybersecurity company. Hackers can send the malicious app in a link, contained in a “phishing” email or text that looks like it comes from a trusted source.
FireEye says it hasn't seen any hackers use the flaw yet. But it's warning users not to install apps that don't come from the official Apple store. FireEye says it has notified Apple, which did not immediately comment.