Following the discovery of the serious iOS vulnerability known as Masque Attack, Apple has issued a statement to iMore, claiming that it is not aware of users experiencing this problem, but that users should be aware of online malware that circumvents Apple’s existing security measures.
“We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software,” said an Apple spokesperson. “We’re not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company’s secure website.”
Masque Attack was discovered by the FireEye mobile security research team. It works by mimicking and replacing the legitimate apps installed on your iPhone with decoys which then steal personal information with users realizing it.
Below is a video showing how the attacks work:
While Masque Attacks are certainly serious, however, like the previous WireLurker vulnerability it should be noted that users have to download and install apps from outside the App Store and then hit “Trust” on the warning dialog boxes which come up.
Put simply, you have to consciously and wilfully ignore Apple’s built-in safeguards to be affected.
Luke Dormehl is a U.K.-based journalist and author, with a background working in documentary film for Channel 4 and the BBC. He is the author of The Apple Revolution and The Formula: How Algorithms Solve All Our Problems … and Create More, both published by Penguin/Random House. His tech writing has also appeared in Wired, Fast Company, Techmeme and other publications.
