Apple Responds to Masque Attack Reports: OS X, iOS with Enough Safeguards to Protect Customers

The United States government issued a warning to iPad and iPhone users on Nov. 13, alerting them of possible attacks by hackers who could take advantage of a security flaw in Apple's operating system.

Apple has responded to security vulnerability concerns and says that its iOS and OS X platforms have in-built security features that can safeguard users.

"We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software. We're not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps," Apple clarified.

The Masque Attack vulnerability that exists in iOS may potentially enable hackers to steal sensitive information. This vulnerability is capable of installing malware, which can behave like authentic apps. The vulnerability was discovered by FireEye, a security firm.

"This technique takes advantage of a security weakness that allows an untrusted app -- with the same 'bundle identifier' as that of a legitimate app -- to replace the legitimate app on an affected device, while keeping all of the user's data," states a bulletin from the U.S. Computer Emergency Readiness Team.

According to the bulletin, the security flaw exists as the Apple operating system does not impose "matching certificates" for applications that have a common bundle identifier.

To avoid data compromise, the CERT is advising mobile device and PC users to desist from downloading iOS apps that are not available in the App Store. Users are also advised not to click on suspicious links and dodgy apps so as to not fall victim to phishing scams, as well as avoid tapping on "Don't Trust" messages on an app that shows "Untrusted App Developer Alert."

Apple advises enterprise users who install customized apps to install applications only via their organization's secure website.

The Masque Attack reportedly affects iOS 7.1.1, iOS 7.1.2 and iOS 8 and iOS 8.1. The vulnerability, however, is not viral and will likely affect users who have disabled the default security features that have been built into Apple's systems, as well as those who manually evade the safeguards.

ⓒ 2024 TECHTIMES.com All rights reserved. Do not reproduce without permission.
Join the Discussion
Real Time Analytics