U.S. Government Warns iOS Users About 'Masque Attack' VulnerabilityThe United States government today
issued a bulletin warning iPhone and iPad users about the recent "Masque Attack" vulnerability,
a security flaw that first surfaced on Monday of this week, reports
Reuters. Masque Attack is a vulnerability that can allow malicious third-party iOS apps to masquerade as legitimate apps via iOS enterprise provision profiles.
Written by the National Cybersecurity and Communications Integration Center and the U.S. Computer Emergency Readiness Teams, the bulletin outlines how Masque Attack spreads -- luring users to install an untrusted app through a phishing link -- and what a malicious app is capable of doing.
An app installed on an iOS device using this technique may:
-Mimic the original app's login interface to steal the victim's login credentials.
-Access sensitive data from local data caches.
-Perform background monitoring of the user's device.
-Gain root privileges to the iOS device.
-Be indistinguishable from a genuine app.
The post also advises iOS users to protect themselves by avoiding apps that have been installed from sources other than the App Store or an organization they're affiliated with, avoiding tapping "Install" on third-party pop-ups when viewing web pages, and tapping "Don't Trust" on any iOS app that shows an "Untrusted App Developer Alert."
<center><iframe width="560" height="340" src="//www.youtube.com/embed/76ogdpbBlsU" frameborder="0" allowfullscreen></iframe></center><center>
Masque Attack in action</center>
Computer security alerts issued by the government are fairly rare, and only 13 have been sent over the course of 2014. Other vulnerabilities that have prompted alerts include
Heartbleed and an SSL 3.0 flaw called "Poodle."
FireEye, the team that discovered Masque Attack, has notified Apple about the vulnerability, but it has not been patched in the recent iOS 8.1.1 beta thus far. It also affects iOS 7.1.1, 7.1.2, 8.0, and 8.1, and as of today, Apple has not yet commented on Masque Attack.
Masque Attack,
along with WireLurker, another vulnerability outlined earlier this month, is unlikely to affect the average iOS user so long as Apple's security features are not bypassed. Masque Attack works by circumventing the iOS App Store to install apps, while WireLurker is similar, infecting machines via third-party software downloaded outside of the Mac App Store.
Both WireLurker and Masque Attack can be avoided by staying away from suspicious apps and avoiding links that prompt users to install apps outside of Apple's App Stores.
Recent Mac and iOS Blog Stories •
MacRumors Folding@home Team Reaches Two Billion Points •
SanDisk iXpand Flash Drive Offers USB and Lightning Connectors for Easy File Transfers •
How to Enable Family Sharing in iOS 8 and OS X Yosemite •
AT&T Offering $50 Bill Credit for iPhone Upgrades Made Through Apple Online and Retail Stores •
Regions Bank Adds Support for Apple Pay •
Microsoft to Open Source .NET Stack, Expand Platform to OS X, Linux •
Box for iOS Updated with Touch ID and iPhone 6 Support, Notification Center Widget •
Wal-Mart Offering Gift Cards with Purchase of Discounted iPads and More on Black Friday<img width='1' height='1' src='
http://rss.feedsportal.com/c/35070/f/648327/s/4074f616/sc/15/mf.gif' border='0'/><br clear='all'/>
<a href="
http://da.feedsportal.com/r/211597557140/u/49/f/648327/c/35070/s/4074f616/sc/15/rc/1/rc.htm" rel="nofollow"><img src="
http://da.feedsportal.com/r/211597557140/u/49/f/648327/c/35070/s/4074f616/sc/15/rc/1/rc.img" border="0"/>[/url]
<a href="
http://da.feedsportal.com/r/211597557140/u/49/f/648327/c/35070/s/4074f616/sc/15/rc/2/rc.htm" rel="nofollow"><img src="
http://da.feedsportal.com/r/211597557140/u/49/f/648327/c/35070/s/4074f616/sc/15/rc/2/rc.img" border="0"/>[/url]
<a href="
http://da.feedsportal.com/r/211597557140/u/49/f/648327/c/35070/s/4074f616/sc/15/rc/3/rc.htm" rel="nofollow"><img src="
http://da.feedsportal.com/r/211597557140/u/49/f/648327/c/35070/s/4074f616/sc/15/rc/3/rc.img" border="0"/>[/url]
<img src="[url]http://da.feedsportal.com/r/211597557140/u/49/f/648327/c/35070/s/4074f616/sc/15/a2.img" border="0"/>[/url]<img width="1" height="1" src="
http://pi.feedsportal.com/r/211597557140/u/49/f/648327/c/35070/s/4074f616/sc/15/a2t.img" border="0"/><div class="feedflare">
<img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=yIl2AUoC8zA" border="0"></img>[/url]
<img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=6W8y8wAjSf4" border="0"></img>[/url]
<img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=qj6IDK7rITs" border="0"></img>[/url]
</div><img src="
http://feeds.feedburner.com/~r/MacRumors-Front/~4/hucbZ0PUASI" height="1" width="1"/>
Source:
U.S. Government Warns iOS Users About 'Masque Attack' Vulnerability
