#masque attack

Apple responds to Masque Attack malware

In a past report, we were informed that hackers have found a way to replace legitimate apps with malware-infected apps. The new malware has been dubbed Masque Attack. Apple has responded to these attacks.

In a statement sent to iMore, the Cupertino firm said:

We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious…

Apple Vulnerability found[/caption]

Apple’s security is in dubiety again! Just Weeks after the ‘Wirelurker’ malware intrusion, another Ios vulnerability has been found referred to as ‘Masque attack’. It was discovered by FireEye mobile security researchers.  It is named that way because of its ability to replace the legitimate apps with the malicious ones on ios 7 and later.

There was even an official warning from the U.S. government about the masque attack.

How does marque attack work?

This attack technique makes use of a security weakness that allows an untrusted app to have the same identifier as the legitimate app. It aims to replace the legitimate app by its malicious version while keeping all the user data. The existence of this vulnerability is present because Ios does not enforce to match the 'bundle identifier' with the provided 'certificates' for apps.

The way it could reach the common consumer is by a phishing link i.e an illegitimate third party distributor. It involves the luring of consumer to download and install that app.

What can it potentially do?

It can access the victims sensitive data from the caches or even the login credentials directly by mimicking the original app interface.

What did apple say about Masque attack?

Apple has responded via a statement to imore :

“We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software," an Apple spokesperson told iMore. "We're not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company's secure website.”

  How do we save our device from masque attack?

As the apple said, only download the apps from trusted sources. That is the apple mantra for best safety and a very effective one.

Apple on Masque Attack: ‘just use the App Store’

By Nate Swanner Earlier this week, we told you about Masque Attack, which let hackers sideload apps onto your iDevices. Often without you even realizing it, an app was loaded, and scary people somewhere else could gain access to your information. The app loaded may not have even been the app you were looking for when you followed the link, either. Now, Apple …

Source:: http://feeds.slashgear.c…

Apple raspunde acuzatiilor privind o vulnerabilitate grava a iOS

La numai cateva zile dupa ce a iesit la suprafata a doua vulnerabilitate grava a iOS intr-un interval de numai o saptamana, un purtator de cuvant al companiei Apple a oferit un raspuns in legatura cu ea. Cunoscuta sub numele de “Masque Attack”din cauza abilitatii de a imita si inlocui aplicatii existente si legitime cu unele raufacatoare, aceasta vulnerabilitate din iOS nu ar fi afectat pana acum…

OrangeFolks News Update – Apple Users beware of “Masque Attack”

If you own an iPhone or iPad you now have to worry about malicious apps. Hackers have a new way to break into iPhones and iPads by tricking users into downloading spy apps. You may be surprised to know how easy it is to get into such a trap.

The Cybersecurity firm FireEye Inc revealed the vulnerability in iOS 7 and iOS 8 where the phone can download an application that is not there in the Apple’s…