Apple Responds to 'Masque Attack' Vulnerability, Not Aware of Customers Affected by Attack

Just a couple days after the discovery of an iOS vulnerability referred to as Masque Attack because of its ability to emulate and replace existing legitimate apps with malicious ones, Apple has responded in a statement to iMore. 

"We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software," an Apple spokesperson told iMore. "We're not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company's secure website."

Masque Attack works by luring a user to install an app outside of the iOS App Store by clicking a phishing link in a text message or email. For example, a user could be prompted to download a new app in a text message that says something like "Hey, try out Flappy Bird 2". A user is then directed to a website where they're prompted to download the app, which will install the fake app over the legitimate one using iOS enterprise provision profiles, making it virtually undetectable.

Masque Attack in action
Earlier today, the United States government issued a warning about Masque Attack to iOS users. The vulnerability was discovered just a week after reports of malware called WireLurker surfaced. WireLurker is able to attack iOS devices through OS X using a USB cable. Both vulnerabilities are unlikely to affect the average iOS user as long as Apple's security features are not bypassed.

Both WireLurker and Masque Attack can be avoided by staying away from suspicious apps and avoiding links that prompt users to install apps outside of Apple's App Stores.

Top Rated Comments

hlfway2anywhere Avatar
103 months ago
why is being able to install faked apps on iPhone considered a vulnerability, when on every other OS the same thing could happen and they call it "open."
Score: 41 Votes (Like | Disagree)
Rigby Avatar
103 months ago
why is being able to install faked apps on iPhone considered a vulnerability, when on every other OS the same thing could happen and they call it "open."
Because Apple always claims that their "closed" system is more secure than those others due to the review process?

Frankly, I don't understand why some people on this forum keep downplaying these security flaws. Perhaps they think they need to "defend" Apple, but that is misguided IMO. The "fappening" made it very obvious that Apple doesn't necessarily act to improve their security policies without public pressure. If that hadn't happended, we'd probably still have the weak iCloud security policy and incomplete 2-factor authentication. Public attention can only help to make the system more secure for everyone by forcing Apple to act.
Score: 24 Votes (Like | Disagree)
bozzykid Avatar
103 months ago
why is being able to install faked apps on iPhone considered a vulnerability, when on every other OS the same thing could happen and they call it "open."

Because the apps replace an app that is already on the phone that is signed by a different developer. My guess is Apple is doing their usual "there is nothing to see here", while they are working to fix the issue as quietly as possible.
Score: 20 Votes (Like | Disagree)
spectrumfox Avatar
103 months ago
Quite honestly this has already run its course. Enough already.
Indeed. Count on MR to run a sensational story about a trivial threat. After all, gotta get those ad impressions!
It'll have run its course when Apple fixes the problem. You should not expect or want any less.
Score: 14 Votes (Like | Disagree)
lincolntran Avatar
103 months ago
Because Apple always claims that their "closed" system is more secure than those others due to the review process?

Frankly, I don't understand why some people on this forum keep downplaying these security flaws. Perhaps they think they need to "defend" Apple, but that is misguided IMO. The "fappening" made it very obvious that Apple doesn't necessarily act to improve their security policies without public pressure. If that hadn't happended, we'd probably still have the weak iCloud security policy and incomplete 2-factor authentication. Public attention can only help to make the system more secure for everyone by forcing Apple to act.

While this is a legitimate issue, it's not specific to ONLY iOS. It is a phishing trick than any software can run in to on any system. If Apple fixes this, i'm impress since this is still and issue on every other system. You still get warning emails from your IT guys for not clicking on strange links, dont you? You can't fix stupid (ignore warnings) or greed (free apps).

I think people who are defending Apple is trying to get this point across. there're multitude of apple haters that are trying to make this an iOS issue only hence the need to counter their point. Beside , there's nothing wrong with defending a product/brand than you like, not that they need defending.
Score: 12 Votes (Like | Disagree)
sparkhill Avatar
103 months ago
Adobe Photoshop? Microsoft Office for OS X? Are these gold standards available on the Mac App Store?

I don't think so...and to install them you have to break security code and change your settings, and allow untrusted installs...

Oh no! Apple doesn't want you installing these evil programs. They want you to use only Pixelmator and Pages...

Right...

Masquerade Attack is an iOS exploit and you are referring to OS X apps. Two different operating systems with two different App Stores.
Score: 9 Votes (Like | Disagree)

Popular Stories

USB C Over Lightning Feature

EU Passes Law to Switch iPhone to USB-C by End of 2024

Tuesday October 4, 2022 3:30 am PDT by
The European Parliament today voted overwhelmingly in favor of enforcing USB-C as a common charging port across a wide range of consumer electronic devices, including the iPhone and AirPods, by the end of 2024. The proposal, known as a directive, forces all consumer electronics manufacturers who sell their products in Europe to ensure that a wide range of devices feature a USB-C port. This...
ipad pro purple

Five Apple Products You Should Avoid Buying Right Now

Wednesday October 5, 2022 2:12 pm PDT by
Rumors suggest that Apple still has several new devices that are coming before the end of the year, including a range of Macs and iPads. It's not looking like we're going to get an October event in 2022, but refreshes are coming soon, probably via press release. If you're planning to buy a Mac or an iPad, make sure to check out our list to know what's safe to pick up now and what's not. iPad ...
General iOS 16 Feature Yellow

10 New iOS 16 Features Coming Later This Year

Monday October 3, 2022 2:41 pm PDT by
iOS 16 was released to the public three weeks ago with a customizable Lock Screen, the ability to edit iMessages, improvements to Focus modes, and much more. And in the coming months, iPhone and iPad users have even more new features to look forward to. We've rounded up 10 new features coming to the iPhone and iPad later this year, according to Apple. Many of the features are part of iOS...
magsafe charger orange

Apple Releases New MagSafe Charger Firmware

Tuesday October 4, 2022 12:09 pm PDT by
Apple today released updated firmware for the MagSafe Charger that is designed to work with the iPhone 12 and later and the AirPods Pro 2. The new firmware is version 10M1821, up from the prior 10M229 firmware. Note that in the Settings app, you'll see a different version number than the firmware number, with the update displayed as version 255.0.0.0 (the prior firmware was 247.0.0.0). The...
maxresdefault

Video: AirPods Pro 2 vs. Bose QuietComfort II

Monday October 3, 2022 12:50 pm PDT by
Apple on September 23 officially launched the second-generation version of the AirPods Pro, introducing updated Active Noise Cancellation, Adaptive Transparency, improved sound, and more. Right around the same time, Bose introduced new QuietComfort II earbuds with many similar features, so we thought we'd compare the two to see which has the edge. Subscribe to the MacRumors YouTube channel for ...
General iOS 16 Feature Yellow

One of iOS 16's Best Features Drains Battery When Enabled

Thursday October 6, 2022 2:15 am PDT by
One of iOS 16's most praised features comes at the cost of draining battery life, according to recently published Apple support documents. The feature, known as "keyboard haptics," is optional in iOS 16 and allows users to get physical feedback via slight vibrations upon the touch of each key, confirming that it was pressed much like keyboard sounds. The feature is a useful addition to the...
aapl logo banner

No October Apple Event Expected Despite Upcoming Wave of New Devices

Wednesday October 5, 2022 2:33 am PDT by
Apple is no longer expected to host an event this month, despite plans to unveil a host of new devices including new iPad and Mac models, according to recent reports. In recent months, Apple has been expected to hold an event in October to announce a range of products that did not receive any stage time during the company's iPhone 14 unveiling event last month. In a recent newsletter, Bloombe...
iOS 16

Apple Preparing iOS 16.0.3 With More Bug Fixes Following iPhone 14 Launch

Monday October 3, 2022 7:53 am PDT by
iOS 16.0.2 was released last month with several bug fixes for iPhone 14 issues, excessive copy and paste permission prompts, and more. Now, evidence suggests that Apple is planning to release iOS 16.0.3 with additional bug fixes. Evidence of an upcoming iOS 16.0.3 software update has shown up in MacRumors analytics logs, which have been a reliable indicator in the past. There are several...
iOS 16

Apple Seeds New Betas of iOS 16.1 and iPadOS 16.1 to Developers [Update: Public Beta Available]

Tuesday October 4, 2022 10:06 am PDT by
Apple today seeded the fourth beta of iOS 16.1 to developers for testing purposes, with the beta coming one week after the release of the third iOS 16.1 beta. The iOS 16.1 beta is also joined by the fifth beta of iPadOS 16.1, which is on a slightly different schedule as Apple started testing it prior to the launch of iOS 16. Registered developers can download the iOS 16‌ and iPadOS 16...
dynamic island outline 1

iOS 16.1 Beta Adds More Pronounced Gray Border Around Dynamic Island When Using Black Wallpapers or in Dark Mode

Tuesday October 4, 2022 11:58 am PDT by
With the latest iOS 16.1 beta, Apple has tweaked the design of the Dynamic Island on the iPhone 14 Pro and Pro Max to make it more visible on a dark background. When using a darker wallpaper or with the darker interface of Dark Mode activated, there is a light gray border around the outside of the Dynamic Island when the screen is dimmed or when the Dynamic Island is in active use. The...