Apple Responds to 'Masque Attack' Vulnerability, Not Aware of Customers Affected by Attack

Just a couple days after the discovery of an iOS vulnerability referred to as Masque Attack because of its ability to emulate and replace existing legitimate apps with malicious ones, Apple has responded in a statement to iMore. 

"We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software," an Apple spokesperson told iMore. "We're not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company's secure website."

Masque Attack works by luring a user to install an app outside of the iOS App Store by clicking a phishing link in a text message or email. For example, a user could be prompted to download a new app in a text message that says something like "Hey, try out Flappy Bird 2". A user is then directed to a website where they're prompted to download the app, which will install the fake app over the legitimate one using iOS enterprise provision profiles, making it virtually undetectable.

Masque Attack in action
Earlier today, the United States government issued a warning about Masque Attack to iOS users. The vulnerability was discovered just a week after reports of malware called WireLurker surfaced. WireLurker is able to attack iOS devices through OS X using a USB cable. Both vulnerabilities are unlikely to affect the average iOS user as long as Apple's security features are not bypassed.

Both WireLurker and Masque Attack can be avoided by staying away from suspicious apps and avoiding links that prompt users to install apps outside of Apple's App Stores.

Top Rated Comments

(View all)
Avatar
75 months ago
why is being able to install faked apps on iPhone considered a vulnerability, when on every other OS the same thing could happen and they call it "open."
Score: 41 Votes (Like | Disagree)
Avatar
75 months ago

why is being able to install faked apps on iPhone considered a vulnerability, when on every other OS the same thing could happen and they call it "open."

Because Apple always claims that their "closed" system is more secure than those others due to the review process?

Frankly, I don't understand why some people on this forum keep downplaying these security flaws. Perhaps they think they need to "defend" Apple, but that is misguided IMO. The "fappening" made it very obvious that Apple doesn't necessarily act to improve their security policies without public pressure. If that hadn't happended, we'd probably still have the weak iCloud security policy and incomplete 2-factor authentication. Public attention can only help to make the system more secure for everyone by forcing Apple to act.
Score: 24 Votes (Like | Disagree)
Avatar
75 months ago

why is being able to install faked apps on iPhone considered a vulnerability, when on every other OS the same thing could happen and they call it "open."


Because the apps replace an app that is already on the phone that is signed by a different developer. My guess is Apple is doing their usual "there is nothing to see here", while they are working to fix the issue as quietly as possible.
Score: 20 Votes (Like | Disagree)
Avatar
75 months ago

Quite honestly this has already run its course. Enough already.

Indeed. Count on MR to run a sensational story about a trivial threat. After all, gotta get those ad impressions!

It'll have run its course when Apple fixes the problem. You should not expect or want any less.
Score: 14 Votes (Like | Disagree)
Avatar
75 months ago

Because Apple always claims that their "closed" system is more secure than those others due to the review process?

Frankly, I don't understand why some people on this forum keep downplaying these security flaws. Perhaps they think they need to "defend" Apple, but that is misguided IMO. The "fappening" made it very obvious that Apple doesn't necessarily act to improve their security policies without public pressure. If that hadn't happended, we'd probably still have the weak iCloud security policy and incomplete 2-factor authentication. Public attention can only help to make the system more secure for everyone by forcing Apple to act.


While this is a legitimate issue, it's not specific to ONLY iOS. It is a phishing trick than any software can run in to on any system. If Apple fixes this, i'm impress since this is still and issue on every other system. You still get warning emails from your IT guys for not clicking on strange links, dont you? You can't fix stupid (ignore warnings) or greed (free apps).

I think people who are defending Apple is trying to get this point across. there're multitude of apple haters that are trying to make this an iOS issue only hence the need to counter their point. Beside , there's nothing wrong with defending a product/brand than you like, not that they need defending.
Score: 12 Votes (Like | Disagree)
Avatar
75 months ago

Adobe Photoshop? Microsoft Office for OS X? Are these gold standards available on the Mac App Store?

I don't think so...and to install them you have to break security code and change your settings, and allow untrusted installs...

Oh no! Apple doesn't want you installing these evil programs. They want you to use only Pixelmator and Pages...

Right...


Masquerade Attack is an iOS exploit and you are referring to OS X apps. Two different operating systems with two different App Stores.
Score: 9 Votes (Like | Disagree)

Top Stories

iPhone Maker Foxconn Says China's 'Days as the World's Factory Are Done'

Wednesday August 12, 2020 7:55 am PDT by
China will no longer be the world's manufacturing epicenter going forward, according to Apple's largest supply chain partner Foxconn, which has been gradually expanding its operations in other countries amid the U.S.-China trade war. "No matter if it's India, Southeast Asia or the Americas, there will be a manufacturing ecosystem in each," said Foxconn chairman Young Liu, according to Bloombe...

Leaker Jon Prosser: Apple Watch and iPad Launching in September, iPhone 12 Event to Take Place in October

Wednesday August 12, 2020 4:31 pm PDT by
Apple last month confirmed that this year's iPhone 12 models will launch outside of their normal September timeframe and will be "available a few weeks later," which has led to speculation about when an event might be held. Leaker Jon Prosser, who sometimes shares accurate knowledge of Apple's plans, today said that Apple will hold its iPhone 12 event during the week of October 12, with...

Apple Takes Legal Action Against Small Company With Pear Logo

Saturday August 8, 2020 11:09 am PDT by
Apple is taking legal action against the developers of the app "Prepear" due to its logo, according to iPhone in Canada. Prepear is an app that helps users discover recipes, plan meals, make lists, and arrange grocery deliveries. The app is a spinoff of "Super Healthy Kids," and the founders claim that they are facing litigation from Apple. Apple reportedly takes issue with Prepear's logo, ...

Apple to Launch Bundled Subscription Services Called 'Apple One'

Thursday August 13, 2020 3:41 am PDT by
Apple will launch a new range of subscription service bundles called "Apple One" as soon as October, according to a new report by Bloomberg's Mark Gurman. The series of bundles would allow customers to subscribe to several Apple digital services together. This is expected to result in a lower monthly price than when the services are subscribed to individually. Bloomberg reports that the...

Apple Releases iOS and iPadOS 13.6.1 With Fix for Storage Issue and Green Tinted Displays

Wednesday August 12, 2020 1:31 pm PDT by
Apple today released iOS and iPadOS 13.6.1, minor updates that come a month after the release of the iOS 13.6 update with Car Keys and Audio Apple News+ stories. The iOS and ‌iPadOS‌ 13.6.1 updates are available on all eligible devices over-the-air in the Settings app. To access the updates, go to Settings > General > Software Update. iOS 13.6.1 addresses an issue that could cause...

Apple May Release 4G-Only iPhone 12 in Early 2021

Tuesday August 11, 2020 5:28 am PDT by
In a research note shared by Business Insider, Wedbush Securities analysts said that Apple may release a cheaper iPhone 12 in early 2021 with no 5G connectivity. Wedbush initially believed Apple would launch a mix of 4G and 5G iPhone 12 models this fall. Following re-examination of Asian supply chains, analysts Daniel Ives, Strecker Backe, and Ahmad Khalil revised the predictions,...

Apple Removes Fortnite From App Store [Update: Epic Files Lawsuit Against Apple]

Thursday August 13, 2020 11:58 am PDT by
Just hours after Epic Games introduced a new direct payment option for Fortnite that skirts Apple's in-app purchase rules, Apple has pulled the Fortnite app from the App Store. Fortnite is no longer available for download on the iPhone or the iPad, and Apple provided a statement to MacRumors on Fortnite's removal:Today, Epic Games took the unfortunate step of violating the App Store...

iPad Pro Keyboard Comparison: Logitech's $160 Folio Touch vs. Apple's $300 Magic Keyboard

Tuesday August 11, 2020 2:11 pm PDT by
Logitech recently debuted the Folio Touch, a keyboard and trackpad case designed for the 11-inch iPad Pro that serves as an alternative to the Magic Keyboard. In our latest YouTube video, we compare the $160 Folio Touch to Apple's $300 Magic Keyboard to see which is better. Subscribe to the MacRumors YouTube channel for more videos. Logitech is selling the Folio Touch for $160, while Apple's...

Apple Releases macOS Catalina 10.15.6 Supplemental Update With Virtualization Bug Fix

Wednesday August 12, 2020 1:20 pm PDT by
Apple today released a supplemental update for macOS Catalina 10.15.6, with the update coming a month after the original launch of macOS Catalina 10.15.6. The ‌‌macOS Catalina‌‌ 10.15.6 Supplemental Update can be downloaded from the Mac App Store using the Update feature in the System Preferences app. According to Apple's release notes, the update fixes a problem that could cause...

Kuo: Global iPhone Shipments Could Decline Up to 30% If Apple Forced to Remove WeChat From App Store [Updated x2]

Sunday August 9, 2020 10:17 pm PDT by
In a worst-case scenario, Apple's annual global iPhone shipments could decline by 25–30% if it is forced to remove WeChat from its App Stores around the world, according to a new research note from analyst Ming-Chi Kuo viewed by MacRumors. The removal could occur due to a recent executive order aiming to ban U.S. transactions with WeChat and its parent company Tencent. Kuo lays out...