Apple Responds to 'Masque Attack' Vulnerability, Not Aware of Customers Affected by Attack

Just a couple days after the discovery of an iOS vulnerability referred to as Masque Attack because of its ability to emulate and replace existing legitimate apps with malicious ones, Apple has responded in a statement to iMore. 

"We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software," an Apple spokesperson told iMore. "We're not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company's secure website."

Masque Attack works by luring a user to install an app outside of the iOS App Store by clicking a phishing link in a text message or email. For example, a user could be prompted to download a new app in a text message that says something like "Hey, try out Flappy Bird 2". A user is then directed to a website where they're prompted to download the app, which will install the fake app over the legitimate one using iOS enterprise provision profiles, making it virtually undetectable.

Masque Attack in action
Earlier today, the United States government issued a warning about Masque Attack to iOS users. The vulnerability was discovered just a week after reports of malware called WireLurker surfaced. WireLurker is able to attack iOS devices through OS X using a USB cable. Both vulnerabilities are unlikely to affect the average iOS user as long as Apple's security features are not bypassed.

Both WireLurker and Masque Attack can be avoided by staying away from suspicious apps and avoiding links that prompt users to install apps outside of Apple's App Stores.

Popular Stories

ipad mini 2021 youtube

New Report Reveals When to Expect the iPad Mini 7

Tuesday October 1, 2024 2:09 pm PDT by
Apple is working on a new iPad mini that will "potentially" be released "by the end of 2024," according to a report today from Bloomberg's Mark Gurman. Last month, Gurman reported that Apple had "new iPads in the works," including an upgraded version of the iPad mini. At the time, he said the device was "on deck for Apple's October event" alongside the first M4 Macs. The wording in his...
airpods pro 2 gradient

AirPods Pro 3 Expected Next Year: Here's What We Know

Tuesday October 1, 2024 5:47 am PDT by
Despite being released over two years ago, Apple's AirPods Pro 2 continue to dominate the wireless earbud market. However, with the AirPods Pro 3 expected to launch sometime in 2025, anyone thinking of buying Apple's premium earbuds may be wondering if the next generation is worth holding out for. Apart from their audio and noise-canceling performance, which are generally regarded as...
apple silicon mac lineup wwdc 2022 feature purple

MacBook Pro, iMac, and Redesigned Mac Mini With M4 Chips on Track to Launch 'This Year'

Tuesday October 1, 2024 1:57 pm PDT by
Apple plans to release new MacBook Pro, iMac, and Mac mini models with the M4 series of chips "this year," according to Bloomberg's Mark Gurman. Gurman initially said these Macs would likely be announced during a virtual event this October, but he has been more vague about the timing lately, with wording such as "in the coming weeks" and now merely "this year." In any case, it is clear that...
15 New Things Your iPhone Can Do in iOS 18

15 New Things Your iPhone Can Do in iOS 18.1

Friday September 27, 2024 6:14 am PDT by
Apple is set to release iOS 18.1 in October, bringing the first set of Apple Intelligence features to iPhone 15 Pro and iPhone 16 models. This update marks a significant step forward in Apple's AI integration, offering a new Siri contextually-aware experience and a range of additional capabilities powered by on-device machine learning and large language models. There are a couple of handy new...
iPhone SE 4 Thumb 2

Apple's Next New iPhone to Debut in the Spring: What to Expect

Tuesday October 1, 2024 3:14 am PDT by
Apple's budget-friendly iPhone SE is set for a major overhaul with a fourth generation model expected to launch in spring 2025. The upcoming model will mark a significant departure from its predecessors, adopting several features from higher-end iPhones while maintaining its position as the most affordable new model in Apple's lineup. According to recent reports, the iPhone SE 4 will sport a ...
iPhone SE 4 Thumb 1

iPhone SE With Apple Intelligence, New iPad Air, and More Reportedly Launching 'Early Next Year'

Tuesday October 1, 2024 12:38 pm PDT by
Apple plans to release a new iPhone SE with Apple Intelligence support, new iPad Air models, and an updated Magic Keyboard for the iPad Air at some point "early next year," according to a report today from Bloomberg's Mark Gurman. The next iPhone SE will have a similar design as the iPhone 14, including an edge-to-edge screen with a notch, according to Gurman. This means the device will...
m3 mbp space black

What to Expect From an Apple Event in October: iPad Mini 7, Redesigned Mac Mini, and More

Friday September 27, 2024 11:47 am PDT by
Apple will likely hold another event in October this year to announce new Macs and iPads. If so, it would be the fourth time in the last five years that Apple has held an event in October. Last year, Apple held a virtual event on Monday, October 30 to announce new MacBook Pro and iMac models with the M3 series of chips. Subscribe to the MacRumors YouTube channel for more videos. Below, we...
Generic iOS 18

iOS 18.0.1 Coming Soon: What to Expect for Your iPhone

Wednesday October 2, 2024 5:50 am PDT by
Following the release of iOS 18 for the iPhone last month, Apple is preparing to release iOS 18.0.1 with bug fixes in the near future. We previously reported that Apple has been internally testing iOS 18.0.1, and today a private account on X with a proven track record of sharing iOS-related information said the update will have a build number of 22A3370. We expect iOS 18.0.1 to be a minor ...

Top Rated Comments

hlfway2anywhere Avatar
129 months ago
why is being able to install faked apps on iPhone considered a vulnerability, when on every other OS the same thing could happen and they call it "open."
Score: 41 Votes (Like | Disagree)
Rigby Avatar
129 months ago
why is being able to install faked apps on iPhone considered a vulnerability, when on every other OS the same thing could happen and they call it "open."
Because Apple always claims that their "closed" system is more secure than those others due to the review process?

Frankly, I don't understand why some people on this forum keep downplaying these security flaws. Perhaps they think they need to "defend" Apple, but that is misguided IMO. The "fappening" made it very obvious that Apple doesn't necessarily act to improve their security policies without public pressure. If that hadn't happended, we'd probably still have the weak iCloud security policy and incomplete 2-factor authentication. Public attention can only help to make the system more secure for everyone by forcing Apple to act.
Score: 24 Votes (Like | Disagree)
bozzykid Avatar
129 months ago
why is being able to install faked apps on iPhone considered a vulnerability, when on every other OS the same thing could happen and they call it "open."

Because the apps replace an app that is already on the phone that is signed by a different developer. My guess is Apple is doing their usual "there is nothing to see here", while they are working to fix the issue as quietly as possible.
Score: 20 Votes (Like | Disagree)
spectrumfox Avatar
129 months ago
Quite honestly this has already run its course. Enough already.
Indeed. Count on MR to run a sensational story about a trivial threat. After all, gotta get those ad impressions!
It'll have run its course when Apple fixes the problem. You should not expect or want any less.
Score: 14 Votes (Like | Disagree)
lincolntran Avatar
129 months ago
Because Apple always claims that their "closed" system is more secure than those others due to the review process?

Frankly, I don't understand why some people on this forum keep downplaying these security flaws. Perhaps they think they need to "defend" Apple, but that is misguided IMO. The "fappening" made it very obvious that Apple doesn't necessarily act to improve their security policies without public pressure. If that hadn't happended, we'd probably still have the weak iCloud security policy and incomplete 2-factor authentication. Public attention can only help to make the system more secure for everyone by forcing Apple to act.

While this is a legitimate issue, it's not specific to ONLY iOS. It is a phishing trick than any software can run in to on any system. If Apple fixes this, i'm impress since this is still and issue on every other system. You still get warning emails from your IT guys for not clicking on strange links, dont you? You can't fix stupid (ignore warnings) or greed (free apps).

I think people who are defending Apple is trying to get this point across. there're multitude of apple haters that are trying to make this an iOS issue only hence the need to counter their point. Beside , there's nothing wrong with defending a product/brand than you like, not that they need defending.
Score: 12 Votes (Like | Disagree)
sparkhill Avatar
129 months ago
Adobe Photoshop? Microsoft Office for OS X? Are these gold standards available on the Mac App Store?

I don't think so...and to install them you have to break security code and change your settings, and allow untrusted installs...

Oh no! Apple doesn't want you installing these evil programs. They want you to use only Pixelmator and Pages...

Right...

Masquerade Attack is an iOS exploit and you are referring to OS X apps. Two different operating systems with two different App Stores.
Score: 9 Votes (Like | Disagree)