A report made public by a security company called FireEye describes a new vulnerability found in the iOS operating system. From what is known, this bug allows fake apps to replace the genuine ones and then leak personal data from the respective device.
According to the report, this vulnerability affects every device which runs on iOS 7 or newer, and works on jailbroken as well as non-jailbroken phones and iPads. This means that somewhere around of 95% of the 51.6 million mobile devices sold by Apple could be affected. From what the company is telling us, FireEyes notified Apple about this bug back in July, and waited until yesterday before making the information public.
Basically, this bug allows something called a "Masque Attack". Here is how that works: a hacker sends texts, emails, etc. to dupe users into installing dummy applications that look just like their genuine bank or email apps. Once installed on the device, these fake apps gain access to your personal data and then can easily leak it to their creators.
The worrying fact is that this is the second time a major iOS security flaw was revealed in these past weeks. Last Thursday, another cybersecurity firm called Palo Alto Networks made public another bug which allowed apps downloaded from the Internet that weren't originally approved to infect your device when you connect it to a Mac computer. In regards to the latter vulnerability, Apple stated that they are aware of the problem and working to fix it.
The Cupertino-based company made no comments in regards to the bug freshly reported by FireEye.