New ‘Masque Attack’ once again shows that users should only download from the App Store
Once again, another iOS-based exploit has been found that could possibly allow malicious software to be installed on your iPad or iPhone. But much like with WireLurker, regular users shouldn’t worry much about a Masque Attack.
IT security company FireEye detailed the exploit in a comprehensive blog post today. It was identified in iOS 7.1.1, 7.1.2, 8.0, 8.1, and the 8.1.1 beta on both jailbroken and non-jailbroken devices.
Here’s a quick summary of how a Masque Attack works:
In July 2014, FireEye mobile security researchers have discovered that an iOS app installed using enterprise/ad-hoc provisioning could replace another genuine app installed through the App Store, as long as both apps used the same bundle identifier. This in-house app may display an arbitrary title (like “New Flappy Bird”) that lures the user to install it, but the app can replace another genuine app after installation. All apps can be replaced except iOS preinstalled apps, such as Mobile Safari. This vulnerability exists because iOS doesn’t enforce matching certificates for apps with the same bundle identifier.
Malicious parties could use the exploit to do things like steal a victim’s login credentials.
But there are some simple and common sense tips you can use to avoid any issues. Most importantly, only download titles directly from the App Store or your own organization. That means not to click on app download links sent via SMS or other sources.
Also, make sure to not click “Install” on a pop-up from a third-party site. If you ever see an “Untrusted App Developer” alert when opening an app, like in the above image, select “Don’t Trust” and immediately uninstall the app.
For other news today, see: Target announces some spectacular Black Friday deals on Apple products, Barclaycard is now offering an improved Apple Rewards card, and As Apple readies a new R&D center in England, construction on Campus 2 continues.
