Three days after the Masque Attack report, Apple responds
Earlier this week, cybersecurity company FireEye warned that it had identified a vulnerability in Apple’s mobile operating system that could allow hackers to use Web pages, text messages and emails to fool users into downloading fake apps that could disclose their personal information. In a threat dubbed “Masque Attack” by FireEye, fake apps designed to resemble a legitimate bank or email program could replace genuine apps installed though Apple’s App Store and siphon off users’ personal information back to hackers without users’ knowledge.
Threat downplayed by Apple
Apple in an official statement downplayed this very serious flaw, which has made users doubt the superior security claims of Apple. “We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software,” an Apple representative said, adding that the company was not aware of its customers actually falling victim to such an attack. “We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company’s secure website.”
Although there has been no confirmed reports yet of any attacks taking place that use this vulnerability, researchers as FireEye claim that the bug was introduced in iOS7. Which leaves all devices running this version of iOS or higher at risk. Which translates to 95% of all iPhones and iPads under the risk. This bug also does not require a device to be jail broken.
This is the second instance of Apple products falling prey to a security flaw. Last week, security firm Palo Alto Networks described a new attack it discovered, which could allow unapproved apps downloaded from the Internet to infect iPhones when plugged into Mac computers. The attack, called “WireLurker,” was first recognized in China and is based on the same vulnerability FireEye disclosed Monday. These new security flaws have dented Apple’s credibility in the security paradigm a lot.