Apple users warned over iOS bug that could allow rogue apps to steal a user's data

The U.S. government has warned iPhone and iPad users to be on the alert for hackers who may exploit a vulnerability in iOS that would enable them to steal sensitive data.

Cybersecurity firm FireEye says the bug enables hackers to access their devices by persuading users to install malicious applications with tainted text messages,emails and web links.

However, it requires users to install an 'untrusted' app.

There was the potential for hacks using a newly identified technique known as the 'Masque Attack,' the government said in an online bulletin from the National Cybersecurity and Communications Integration Center and the U.S. Computer Emergency Readiness Teams.

Network security company, FireEye disclosed the vulnerability behind the 'Masque Attack' earlier this week, saying it had been exploited to launch a campaign dubbed 'WireLurker' and that more attacks could follow.

Hackers could potentially steal login credentials, access sensitive data stored on iOS devices and remotely monitor activity on those devices, the government said.

Such attacks could be avoided if iPad and iPhone users only installed apps from Apple's App Store or from their own organizations, it said.

Users should not click 'Install' from pop-ups when surfing the web. 

If iOS flashes a warning that says 'Untrusted App Developer,' users should click on 'Don't Trust' and immediately uninstall the app, the bulletin said.

If installed, the malicious application can then be used to replace genuine, trusted apps that were installed through Apple's App Store, including email and banking programs, with malicious software through a technique that FireEye has dubbed 'Masque Attack.'