In a blog post Monday, researchers with Milpitas security firm FireEye described a path through which hackers could take over a legitimately downloaded iOS mobile application and potentially siphon personal information. The malicious software would be delivered through an app downloaded from the Web, which Apple and FireEye strongly warned against.
"We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps," the Apple statement read. "Enterprise users installing custom apps should install apps from their company's secure website."
An approach similar to the Masque Attack vulnerability was used in software found on a site offering Mac applications in China that could attack iPhones and iPads as they synced with Apple PCs. That vulnerability was disclosed last week by FireEye rival Palo Alto Networks.
"Because all the existing standard protections or interfaces by Apple cannot prevent such an attack, we are asking Apple to provide more powerful interfaces to professional security vendors to protect enterprise users from these and other advanced attacks," the FireEye researchers wrote Monday.
Apple ended Thursday with its highest market capitalization on record, $663 billion, topping previous highs set in 2012.
©2014 the San Jose Mercury News (San Jose, Calif.)