Apple downplays threat posed by Masque Attack bug


A vulnerability could allow hackers to trick users into downloading fake apps, which could siphon off their personal information, researchers warn.

Apple says built-in safeguards warn users of potentially malicious software downloads

Responding to reports of a potential security threat that could allow hackers to steal personal information from iPhones and iPads, Apple issued a statement Thursday indicating that its operating systems have built-in protections to prevent malware downloads.

Earlier this week, cybersecurity company FireEye warned that it had identified a vulnerability in Apple’s mobile operating system that could allow hackers to use Web pages, text messages and emails to fool users into downloading fake apps that could disclose their personal information. In a threat dubbed “Masque Attack” by FireEye, fake apps designed to resemble a legitimate bank or email program could replace genuine apps installed through Apple’s App Store and siphon off users’ personal information back to hackers without users’ knowledge.

While it said there was no evidence the vulnerability was being actively exploited in the US, FireEye said the bug affects all Apple mobile devices running iOS 7 or later, regardless of whether the device is jailbroken — a user-initiated state that lets you install any app off the Internet. That means roughly 95 percent of all Apple mobile devices currently in use are vulnerable.

However, Apple assured users late Thursday that they were protected from just such a malicious download by early warning systems in both its desktop and mobile operating systems.

“We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software,” an Apple representative said, adding that the company was not aware of its customers actually falling victim to such an attack. “We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company’s secure website.”

This is the second time in the past couple of weeks that researchers have raised concerns about Apple product security, which the company has long touted as superior to competing offerings such as Android, Google’s mobile operating system.

Last week, security firm Palo Alto Networks described a new attack it discovered, which could allow unapproved apps downloaded from the Internet to infect iPhones when plugged into Mac computers. The attack, called “WireLurker,” was first recognized in China and is based on the same vulnerability FireEye disclosed Monday.

Apple said at the time that it was aware of the vulnerability Palo Alto Networks had discovered and was working on a fix, advising again that users only download programs from trusted sources.


