Apple Responds to 'Masque Attack' Vulnerability, Not Aware of Customers Affected by Attack

Just a couple days after the discovery of an iOS vulnerability referred to as Masque Attack because of its ability to emulate and replace existing legitimate apps with malicious ones, Apple has responded in a statement to iMore. 

"We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software," an Apple spokesperson told iMore. "We're not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company's secure website."

Masque Attack works by luring a user to install an app outside of the iOS App Store by clicking a phishing link in a text message or email. For example, a user could be prompted to download a new app in a text message that says something like "Hey, try out Flappy Bird 2". A user is then directed to a website where they're prompted to download the app, which will install the fake app over the legitimate one using iOS enterprise provision profiles, making it virtually undetectable.

Masque Attack in action
Earlier today, the United States government issued a warning about Masque Attack to iOS users. The vulnerability was discovered just a week after reports of malware called WireLurker surfaced. WireLurker is able to attack iOS devices through OS X using a USB cable. Both vulnerabilities are unlikely to affect the average iOS user as long as Apple's security features are not bypassed.

Both WireLurker and Masque Attack can be avoided by staying away from suspicious apps and avoiding links that prompt users to install apps outside of Apple's App Stores.

Popular Stories

Apple Vision Pro 2 Feature 2

Apple Reportedly Suspends Work on Vision Pro 2

Tuesday June 18, 2024 8:17 am PDT by
Apple has suspended work on the second-generation Vision Pro headset to singularly focus on a cheaper model, The Information reports. Apple was widely believed to have plans to divide its Vision product line into two models, with one "Pro" model and one lower-cost standard model. The company is said to have been deprioritizing the next Vision Pro headset over the past year, gradually...
Apple WWDC24 Apple Intelligence hero 240610

Apple Explains iPhone 15 Pro Requirement for Apple Intelligence

Wednesday June 19, 2024 4:48 am PDT by
With iOS 18, iPadOS 18, and macOS Sequoia, Apple is introducing a new personalized AI experience called Apple Intelligence that uses on-device, generative large-language models to enhance the user experience across iPhone, iPad, and Mac. These new AI features require Apple's latest iPhone 15 Pro and iPhone 15 Pro Max models to work, while only Macs and iPads with M1 or later chips will...
2022 back to school apple feature

Apple's 2024 Back to School Sale Launching This Week

Monday June 17, 2024 12:27 pm PDT by
Apple will launch its annual Back to School promotion for university students in the United States and Canada this week, according to Bloomberg's Mark Gurman. Apple's back to school sales provide students with a free Apple gift card when purchasing a Mac or an iPad, and this year's promotion could help Apple push the new M2 iPad Air and M4 iPad Pro models. Last year, Apple offered U.S....
apple watch series 9 display

Kuo: Apple Watch Series 10 to Get Larger Screen and Thinner Design

Monday June 17, 2024 1:20 am PDT by
This year's Apple Watch Series 10 will be thinner and come in larger screen sizes than previous models, according to Apple analyst Ming-Chi Kuo. In his latest industry note -10-and-98075c44ce92">shared on Medium, Kuo said the screen size options on the next-generation Apple Watch will increase from 41mm to 45mm, and from 45mm to 49mm, while being encased in a thinner design. For reference,...
M4 Real Feature Red

M4 MacBook Pro Models Expected to Launch in Late 2024

Tuesday June 18, 2024 10:50 am PDT by
MacBook Pro models with an M4 chip are expected to launch in the fourth quarter of 2024, according to display analyst Ross Young. In a tweet for subscribers, Young said that panel shipments for new 14-inch and 16-inch MacBook Pro models are set to begin in the third quarter of 2024, which suggests a launch toward the end of the year. Apple started its M4 chip refresh in May with the launch...
Apple Pay Later feature 1

Apple Discontinuing Apple Pay Later

Monday June 17, 2024 11:44 am PDT by
Apple is discontinuing Apple Pay Later, the buy now, pay later feature that it just launched last October. Apple Pay Later is being discontinued as of today, but people who have existing Apple Pay Later loans will be able to continue to pay them off and manage them through the Wallet app. Apple announced plans to end the feature in a statement provided to 9to5Mac, which also notes that...
watchOS 11 Thumb 2 1

watchOS 11 Supports Automatic Nap Detection

Monday June 17, 2024 4:05 pm PDT by
watchOS 11 appears to include a new feature that allows an Apple Watch to automatically detect and record when you're taking a nap. As shared on Reddit, an Apple Watch owner took a nap and was able to see the sleep data recorded in the Health app, despite not putting the device in Sleep Mode. Right now, the Apple Watch only tracks and records sleep when it is in Sleep Mode, and there is no...
iPod Nano vs iPod Pro Ad Feature 1

Apple Developing Thinner MacBook Pro, Apple Watch, and iPhone

Monday June 17, 2024 2:22 am PDT by
Apple intends to slim down the MacBook Pro, Apple Watch, and iPhone, with the new ultra-thin M4 iPad Pro a sign of the company's new design trajectory, according to Bloomberg's Mark Gurman. When the M4 iPad Pro was unveiled last month, Apple touted it as the company's thinnest product ever, and even compared it to the 2012 iPod nano to emphasize its slim dimensions. Writing in the latest ...

Top Rated Comments

hlfway2anywhere Avatar
125 months ago
why is being able to install faked apps on iPhone considered a vulnerability, when on every other OS the same thing could happen and they call it "open."
Score: 41 Votes (Like | Disagree)
Rigby Avatar
125 months ago
why is being able to install faked apps on iPhone considered a vulnerability, when on every other OS the same thing could happen and they call it "open."
Because Apple always claims that their "closed" system is more secure than those others due to the review process?

Frankly, I don't understand why some people on this forum keep downplaying these security flaws. Perhaps they think they need to "defend" Apple, but that is misguided IMO. The "fappening" made it very obvious that Apple doesn't necessarily act to improve their security policies without public pressure. If that hadn't happended, we'd probably still have the weak iCloud security policy and incomplete 2-factor authentication. Public attention can only help to make the system more secure for everyone by forcing Apple to act.
Score: 24 Votes (Like | Disagree)
bozzykid Avatar
125 months ago
why is being able to install faked apps on iPhone considered a vulnerability, when on every other OS the same thing could happen and they call it "open."

Because the apps replace an app that is already on the phone that is signed by a different developer. My guess is Apple is doing their usual "there is nothing to see here", while they are working to fix the issue as quietly as possible.
Score: 20 Votes (Like | Disagree)
spectrumfox Avatar
125 months ago
Quite honestly this has already run its course. Enough already.
Indeed. Count on MR to run a sensational story about a trivial threat. After all, gotta get those ad impressions!
It'll have run its course when Apple fixes the problem. You should not expect or want any less.
Score: 14 Votes (Like | Disagree)
lincolntran Avatar
125 months ago
Because Apple always claims that their "closed" system is more secure than those others due to the review process?

Frankly, I don't understand why some people on this forum keep downplaying these security flaws. Perhaps they think they need to "defend" Apple, but that is misguided IMO. The "fappening" made it very obvious that Apple doesn't necessarily act to improve their security policies without public pressure. If that hadn't happended, we'd probably still have the weak iCloud security policy and incomplete 2-factor authentication. Public attention can only help to make the system more secure for everyone by forcing Apple to act.

While this is a legitimate issue, it's not specific to ONLY iOS. It is a phishing trick than any software can run in to on any system. If Apple fixes this, i'm impress since this is still and issue on every other system. You still get warning emails from your IT guys for not clicking on strange links, dont you? You can't fix stupid (ignore warnings) or greed (free apps).

I think people who are defending Apple is trying to get this point across. there're multitude of apple haters that are trying to make this an iOS issue only hence the need to counter their point. Beside , there's nothing wrong with defending a product/brand than you like, not that they need defending.
Score: 12 Votes (Like | Disagree)
sparkhill Avatar
125 months ago
Adobe Photoshop? Microsoft Office for OS X? Are these gold standards available on the Mac App Store?

I don't think so...and to install them you have to break security code and change your settings, and allow untrusted installs...

Oh no! Apple doesn't want you installing these evil programs. They want you to use only Pixelmator and Pages...

Right...

Masquerade Attack is an iOS exploit and you are referring to OS X apps. Two different operating systems with two different App Stores.
Score: 9 Votes (Like | Disagree)