Apple downplays Masque Attack, government issues warning
By Himanshu Arora
While Apple was quick to acknowledge the existence of the WireLurker malware, and blocked the infected apps, the company has downplayed the threat posed by the recently uncovered Masque Attack, saying that iOS has built-in protections that prevent malware downloads.
"We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software", a company spokesperson said, adding that the company isn't aware of any customers that have actually been affected by the attack.
Discovered by researchers at security firm FireEye, the Masque Attack takes advantage of a loophole in enterprise/ad-hoc provisioning that allows apps coded with the same "bundle identifier" to be installed over each other.
The security firm said that hackers can use the attack to install fake third-party apps on an iOS device, replacing the original app with their own. This can be achieved by tricking users into installing the app through a phishing link in a text message or email.
Apple has advised that users should only download from trusted sources like the App Store, and should pay attention to any warnings as they download apps. The Cupertino-based company also said that enterprise users installing custom apps should install apps from their company's secure website.
Meanwhile, the US government has issued a bulletin warning iPhone and iPad users about the vulnerability.