Apple addresses "Masque Attack" concerns - says there's nothing to fear

Apple addresses
A few days ago, we talked about Masque Attack – a way for evildoing folks to install a worm into one's iDevice and mask it behind a legit app, such as Gmail. As scary as it sounds, it still requires users to follow a link, in order to get to a site and download the malware, and ignore a warning prompt, which will inform them that the app that's about to be installed should not be trusted.

Yes, it may sound unlikely to you that anyone would ever follow a shady link and then choose to trust an obviously untrustworthy source, but hey – it's a big, big world, and in it – there are a lot of gullible folks – or just children, playing on their parents' iDevices. Also, enterprise apps need to be installed from proprietary sources, not the App Store, so theoretically – it's possible that a phone could be infected in that manner as well.

So, Apple has now acknowledged the Masque Attack method and has dedicated a page on its support website, citing the dos and don'ts of installing enterprise apps from a 3rd party website. Here's a synopsis: If you see the “Untrusted App Developer” warning prompt – click “Don't Trust” and get the app out of your phone faster than you throw a burning coal off of your lap.

On the matter, Apple told the guys over at iMore:



So there you go kids. Don't go following a shady message that reads "OMG, this game is wayy better than Flappy Bird *questionable link here*" and you should be fine.


source: Apple via iMore

FEATURED VIDEO

14 Comments

1. darkkjedii

Posts: 31300; Member since: Feb 05, 2011

Just stop installing this crap. Go to the official App Store only, ya know the one that's on your iPhone. Geez!!!

2. reckless562

Posts: 1153; Member since: Sep 09, 2013

"MasqueGate" anyone? :-D oh u iusers!!!! i just wana hug u all!!!!

3. darkkjedii

Posts: 31300; Member since: Feb 05, 2011

No need to hug me, I got a wife to do that, and my 6 plus works just fine. Go hug the android users dealing with 5.0 lollipop's wifigate :D

13. Scott93274

Posts: 6040; Member since: Aug 06, 2013

ok, I'm getting a little burnt out on the trolling. This stuff it an issue with all platforms.

14. HildyJ

Posts: 338; Member since: Aug 11, 2012

The difference is, Google and Microsoft fix the flaws rather than blame users like Apple does (all the way back to "you're holding it wrong").

4. tedkord

Posts: 17413; Member since: Jun 17, 2009

Enterprise devices may require installation from third party sources for proprietary apps.

5. darkkjedii

Posts: 31300; Member since: Feb 05, 2011

It would still have some official affiliation with, or thru Apple though Ted, Apple would have this worked into its system. People should stop doing this stupid stuff, then crying about it. No platform is 100% secure, you gotta be careful bro.

7. Sauce2

Posts: 199; Member since: Oct 21, 2014

Even if it isn't, a HUGE F***** POPUP COMES UP ASKING TO TRUST THE DEV/APP OR NOT!?!?! People are stupid lol.

9. darkkjedii

Posts: 31300; Member since: Feb 05, 2011

Exactly bro

6. DnB925Art

Posts: 1168; Member since: May 23, 2013

Unfortunately for people in countries like China which blocks it, going through 3rd party stores is the only way to go.

8. Sauce2

Posts: 199; Member since: Oct 21, 2014

There is a warning message that pops up on the iPhone saying they shouldn't download the app as well as giving an option to not trust / trust the dev/app. People who let this happen deserve this.

10. darkkjedii

Posts: 31300; Member since: Feb 05, 2011

Sure do, I only go thru the App Store.

11. Nkolsen

Posts: 60; Member since: Mar 28, 2013

I simply loooooooooove this one....... The OS that "couldnt" Get infected. What do you say now Phil schiller? Moron!

12. strudelz100

Posts: 646; Member since: Aug 20, 2014

The prompt reads "Dumb people click Trust"

Latest Stories

This copy is for your personal, non-commercial use only. You can order presentation-ready copies for distribution to your colleagues, clients or customers at https://www.parsintl.com/phonearena or use the Reprints & Permissions tool that appears at the bottom of each web page. Visit https://www.parsintl.com/ for samples and additional information.