• "Masque Attack" Vulnerability Allows Malicious Third-Party Apps to be Installed on iOS

    by
    Akshay Masand
    Published on 2014-11-11 12:11 AM
    4 Comments Comments


    A recently-discovered vulnerability in Apple’s mobile operating system could potentially allow attackers to con users into replacing apps that have access to personal information with hacked versions that relay this info to malicious sources. These hacked apps are said to be distributed via email or through web links and installed using iOS’s enterprise provisioning system which allows apps to be added to a device from places other than the App Store.

    According to the security firm, FireEye, the vulnerability, which is dubbed “Masque attack” is possible mainly because iOS doesn’t verify that the code signing certificate is the same for apps that use the same bundle identifier. An app with the same bundle identifier as that of let say Angry Birds could be installed on top of the legitimate Angry Bird app as it basically copies the latter’s user interface but sends login data back to the attackers’ servers instead. The only apps that are said not to be affected are default apps such as Safari and Mail. The security firm claims they notified Apple of the issue at the end of July but the current version of iOS continues to remain vulnerable to the attack.

    Those of you interested in watching a demo of the vulnerability can do so below:



    The Masque attack as a whole can be seen as a form of phishing which is a malicious form of tricking users into submitting sensitive data to real looking website that are in actuality fake. Apple hasn’t responded to the issue just yet but the Cupertino California company likely will as the issue becomes more public.

    Source: FireEye via AppleInsider
    This article was originally published in forum thread: "Masque Attack" Vulnerability Allows Malicious Third-Party Apps to be Installed on iOS started by Akshay Masand View original post
    1. Categories:
    2. iPhone,
    3. iOS,
    4. Apple
    Comments 4 Comments
    1. TDH Advocate's Avatar
      TDH Advocate - 2014-11-11, 01:22 AM
      I wonder if deleting the malicious application would stop the ability of the virus to attack the device.
    1. matakibiker's Avatar
      matakibiker - 2014-11-11, 02:17 AM
      I actually had an 'app' try to install after redirected out of cydia. Threw me off guard when I was asked to install an app, I'm glad I hit cancel!
    1. talkin73's Avatar
      talkin73 - 2014-11-11, 04:20 AM
      Most concerning that they notified apple in July and still persists into a brand new iOS version which has received several updates already. Either apple doesn't think it's a legitimate threat to most users or they are not addressing it in a timely manner.
    1. psxcancer's Avatar
      psxcancer - 2014-11-12, 04:42 PM
      I hope the creators of PMP (protect my privacy) a Cydia App, update their App soon, that was a great App. Anytime a App was trying to access information, PMP would let you know and you could accept or deny access to that information. You'd be amazed at how many games (as an example) try to access your address book, pictures or something like that. I'd hit deny if it had no business in there. A lot of time Apps try to get usage data (I.e Facebook) and PMP would protect against that.

  • Connect With Us

  • Discord

    Join our Discord

  • Twitter Box

  • Facebook