The year 2015 has been a nightmare for all smartphone users irrespective of the platform. In the mid of the year, around 950 million users came to know that they can be a target of a malware known as Stagefright attacks, which can be launched in a variety of manners including through a simple text message. Experts have always rated iOS as a safer platform, but Masque Attack and XcodeGhost imposed some serious threats on the iOS users. The malware could be spread through reliable and unreliable apps in and outside the official app store.
The number of users affected by such vulnerabilities is above a billion. The scarier fact is that there have been hundreds of loopholes in the operating systems that never come in the light. Whereas, some of the problems that are made public and experts made users aware of them as they were extremely devastating.
Stagefright is not a single malware. It is the name of a number of loopholes that are found in the media playback framework on Android devices, which makes it a blessing for the vulnerability researcher. In just a month, the monthly cycle covered 15 more remote code executable vulnerabilities labeled as critical and related directly to Stagefright. This vulnerability can cause a long term effect on your phone, even for months. Users are looking forward towards Google to fix this issue and give them a sense of security. Google has noted this problem and they are probably working to heal it.
This malware is specific to the arguably the most secure and stable operating system, iOS. It is to be noted that this is not a vulnerability of the OS itself, instead it is associated to the tool that is used to build iOS apps. The iOS developers have been using a flawed version of the Xcode development tool that causes this miserable security patch. The iOS developers have been engineering apps that have a tendency of taking information. Although, Apple has been working to get the infected application off their official store, but, still, the problem hasn’t been solved. The bug has made attackers realized that attacking at the developer level can give them the desired fruit.
The Masque Attack involves the technique of reverse engineering. Through which, it can replace a reliable or legitimate app like Facebook with a malware. It helps the attacker to steal the most personal information of the user. There were around 11 masque applications were found that were able to replace any legitimate application after they were installed in the phone by the user. The attack is stimulated through spoofing reliable application. If there was any basic tool to prevent tampering, the effect of masque attack could have been neutralized.