Friday
Nov142014
Apple issues statement on Masque Attack exploit
Friday, November 14, 2014 at 2:47PM 
Apple has responded to the Masque Attack exploit which is a vulnerability within iOS which powers iPhones, iPads and iPod Touches. The exploit happens with websites, messages or emails luring users to install an app from a source other than the iOS App Store or their organisations’ system. The attack to succeeds when a user installs an untrusted app, such as one delivered through a phishing link.
Hackers can then potentially steal login credentials, access sensitive data stored on iOS devices and remotely monitor activity on those devices. Apple's response to the exploit is the following statement.
"We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software. We’re not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company’s secure website.”
Users who get apps from the app store are not at risk at all and only by disregarding the safeguards of Apple's OS can users render their devices and information vulnreable. Apple has a knowledge base article that gives guidance to enterprise customers, which you can find here: http://support.apple.com/en-us/HT6584
Reader Comments