Earlier this week, we learned that the security firm FireEye had detected a vulnerability in iOS called ‘Masque Attack’. Now Apple denies that this vulnerability is actually a security breach and maintains that no one has been affected by the attack. According to FireEye, this security hole replaces official applications with fake, malicious ones so that hackers can divert users' personal data without them noticing.
Although OS X and iOS, like all systems, are never free from malicious code, as closed systems they have not had any major problems throughout their history. This week we heard of two problems, one called WireLurker iOS Attack and another called Masque, related to enterprise applications.
As FireEye explains, Apple does not verify whether the application packages that software developers and other users install outside the App Store, through links to other websites, are official or not. Apple, for its part, claims that this is impossible because it has designed iOS and OS X “with built-in security safeguards to help protect customers and warn them of the danger before they install potentially malicious software”.
“We have no evidence that any customer has been affected by this attack. We encourage users to download only from trusted sources, such as the App Store, and pay attention to the warnings when downloading applications,” says Apple.
What Masque Attack does is simply send us a link to download a malicious app that closely resembles a real one, such as a mail client or the Facebook app itself. To accept this download, our UDID must be in the iOS Developer Enterprise Program, and we also have to click on the URL sent to us and ignore the warning iOS shows when we try to install the app.
Masque Attack therefore requires major intervention by the user and so is not a big threat for users of the iOS Developer Program, who are ultimately the only potential targets.
Official comment from Apple about Masque Attack
Apple said in a statement to iMore:
We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software. We’re not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company’s secure website.
Additionally, Apple has published a new support page with the recommended steps for installing enterprise applications. It shows, clearly and simply, how to install applications, which sites we should trust and which we should not.