Apple downplays Masque Attack, government issues warning

[Himanshu Arora]

While Apple was quick to acknowledge the existence of the WireLurker malware, and blocked the infected apps, the company has downplayed the threat posed by the recently uncovered Masque Attack, saying that iOS has built-in protections that prevent malware downloads.

"We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software", a company spokesperson said, adding that the company isn't aware of any customers that have actually been affected by the attack.

Discovered by security researchers at research firm FireEye, the Masque Attack takes advantage of a loophole in enterprise/ad-hoc provisioning, allowing apps coded with the same "bundle identifier" to be installed over each other.

The security firm said that hackers can use the attack to install fake third-party apps on an iOS device, replacing the original app with theirs, something which can be achieved by tricking users into installing the app by clicking a phishing link in a text message or email.

Apple has advised that users should only download from trusted sources like the App Store, and should pay attention to any warnings as they download apps. The Cupertino-based company also said that enterprise users installing custom apps should install apps from their company's secure website.

Meanwhile, the US government has issued a bulletin warning iPhone and iPad users about the vulnerability.

Permalink to story.

https://www.techspot.com/news/58831-apple-downplays-masque-attack-government-issues-warning.html

 

[Guest]

Come people listen to what Apple is actually saying! The news media and now the government are blowing this whole thing way out of proportion.

It's simple:

1. Don't jailbreak your phone.
2. Don't download apps outside of the App Store.
3. Enterprise users should only download internal apps from websites they trust or not at all.

Problem solved.

 

[S_Brideau]

Come people listen to what Apple is actually saying! The news media and now the government are blowing this whole thing way out of proportion.

It's simple:

1. Don't jailbreak your phone.
2. Don't download apps outside of the App Store.
3. Enterprise users should only download internal apps from websites they trust or not at all.

Problem solved.

Except this affects even the iphones that haven't been jailbreaked. Apple is known to deny having security holes and then fixing them only after something bad happens. Right now it's hurting them.

Like so many companies they come out with unfinished products and because of that they have bugs and issues. You just have to look at all that's happened since the launch of the iphone 6.

 

[captaincranky]

Come people listen to what Apple is actually saying! The news media and now the government are blowing this whole thing way out of proportion.

It's simple:

1. Don't jailbreak your phone.
2. Don't download apps outside of the App Store.
3. Enterprise users should only download internal apps from websites they trust or not at all.

Problem solved.

Right! Listen to what Apple is saying. Then listen to what you're saying. Oddly, they're pretty much the same. It follows logically, that you're either an Apple Fanbois, or an employee.

Baaaaa, Baaaa,.....back to the Apple pasture.

BTW, I read the news here at Techspot, and I also watch the TV national news. If the TV news gets a story, it's serious, not click bait.

 

[Seventh Reign]

Come people listen to what Apple is actually saying! The news media and now the government are blowing this whole thing way out of proportion.

It's simple:

1. Don't jailbreak your phone.
2. Don't download apps outside of the App Store.
3. Enterprise users should only download internal apps from websites they trust or not at all.

Problem solved.

Too much sarcasm.

 

[Guest]

Ok! So how many vulnerabilities do non-Apple phones have( Android, Windows 10,)? While all phones and operating systems have vulnerabilities the question is how properly are you using the OS device? Most viruses and hacks come from people that think they know better but in fact they don't! Jailbreaking a phone exposes you to a higher risk of being hacked and most of these hacks happened in China and the rest of Asia where the population is more enticed to download from non-official sites not Apple Store.