Apple dismisses Masque flaw fears

Charlie Osborne

Updated November 14, 2014 at 5:15 AM

Apple has downplayed exploit fears stemming from the discovery of a security loophole that could trick users into downloading malicious apps onto their iOS devices.

On Monday, security researchers at FireEye detailed the discovery of the Masque bug in a new report. The researchers said the bug, in which apps running on iOS 7.1.1 and later — including the latest iOS 8 -- can be replaced with malicious, legitimate-looking applications. Once granted access to a user's device, these apps could theoretically install malware or steal user data.

The "Masque Attack" relies on users falling for phishing attacks and clicking on malicious links in either emails or text messages that point to an app download. It is important to note that these apps are outside the safer confines of Apple's App Store.

FireEye researchers said:

This vulnerability exists because iOS doesn't enforce matching certificates for apps with the same bundle identifier. An attacker can leverage this vulnerability both through wireless networks and USB.

Read this

Speaking to sister site CNET late Thursday, an Apple representative downplayed concerns, saying:

We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software.
We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company's secure website.

In addition, the iPad and iPhone maker said that its operating system has built in protections to ward against malware downloads. Apple was not aware of any reports of customers actually falling victim to the attack, the representative added.

This is the second time in as many weeks that Apple has been scrutinized over the security of its products. Last week, security firm Palo Alto Networks discovered the WireLurker malware, which attacks iOS devices through USB connections. The malware was able to install third-party malicious apps, as well as infect Macs through the USB connection. Apple quickly issued a fix for the problem.

Read on: In the world of security

Yahoo Sports
Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race
The value of the Dolphins and Formula One racing is enormous.
Yahoo Sports
What scouts think of Bronny James' NBA prospects
The biggest question looming over the NBA draft combine this week: How will Bronny James do?
Yahoo Sports
2024 NBA Mock Draft 7.0: Who will the Hawks take at No. 1? Our projections for every pick with lottery order now set
With the lottery order set, here's a look at Yahoo Sports' projections for both rounds of the 2024 NBA Draft.
Yahoo Sports
Your favorite WNBA rookies didn’t make the cut. So what’s their path back to the league?
For rookies who were waived, the climb to their pro dreams is steeper, but the path ahead is well-worn with trail markers of established success.
Yahoo Sports
2024 NFL schedule release: Here are the games we know before Wednesday's full announcement
Before Wednesday arrives, football fans got some appetizers as some games were formally announced.
Yahoo Sports
Where does Jared Goff’s $212M extension leave Dak Prescott and Cowboys?
In one scenario, Dallas makes Prescott the highest paid player in NFL history. In another, the Cowboys decline that commitment, at which point another team will make him the top paid player in NFL history.
Yahoo Finance
Utility stocks are on fire — here are Wall Street analysts' top picks
Utility stocks are outperforming the broader markets. Here's a look at three top picks from analysts.
Yahoo Sports
NFL schedule release: Chiefs to host Ravens in 2024 season opener
Chiefs vs. Ravens on Sept. 5 will be a rematch of last season's AFC Championship Game.
Yahoo Sports
MLB Power Rankings: Phillies lead Dodgers, Braves as trio of NL contenders top this week's list
Here's a look at the rookies who have stood out on each team through the first quarter of the 2024 season.
Yahoo Sports
Former MLB infielder, Little League World Series star Sean Burroughs dies at 43
The seven-year major leaguer collapsed while coaching his son's Little League game on Thursday.
Autoblog
Best used cars to buy in 2024: From trucks and SUVs to EVs
The best used cars to buy in 2024 include small and midsize cars, trucks, crossovers and SUVs, and even a couple of used electric cars.
Yahoo Sports
The best RBs for 2024 fantasy football, according to our experts
The Yahoo Fantasy football analysts reveal their first running back rankings for the 2024 NFL season.
Yahoo Finance
Here's 1 big investing mistake you are probably still making
Maybe a 5% CD isn't the best choice for your hard-earned money.
Yahoo Sports
Juan Soto’s unapologetic intensity and showmanship are captivating the Bronx and rubbing off on teammates: ‘Literally every pitch is theater’
The 2024 Yankees have rediscovered their bravado and hold the second-best record in the AL, thanks in large part to the superstar outfielder.
Engadget
The best budgeting apps for 2024
Budgeting apps can help you keep track of your finances, stick to a spending plan and reach your money goals. These are the best budget-tracking apps available right now.
Yahoo Sports
Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'
Murray made a bad night on the court worse during a moment of frustration on the bench.
Yahoo Sports
Architect of PGA-LIV framework agreement resigns in frustration: 'No meaningful progress' toward a deal
Jimmy Dunne cited 'no meaningful progress' being made in negotiations between the PGA Tour and LIV Golf as a reason for his resignation.
Yahoo Sports
Lions reportedly sign QB Jared Goff to 4-year, $212 million extension
The Detroit Lions have had a busy offseason, and that continued on Monday with the reported extension of quarterback Jared Goff.
Yahoo Finance
The FDIC change that leaves wealthy bank depositors with less protection
Affluent Americans may want to double-check how much of their bank deposits are protected by government-backed insurance. The rules governing trust accounts just changed.
Yahoo Sports
Fantasy Baseball Trade Analyzer: Buy into a pair of Astros sluggers
Fantasy baseball analyst Fred Zinkie offers up his top buy low/high and sell low-high candidates for Week 6.

News

Life

Entertainment

Finance

Sports

New on Yahoo

Apple dismisses Masque flaw fears

Read this

Recommended Stories

Dolphins owner Stephen Ross reportedly declined $10 billion for team, stadium and F1 race

What scouts think of Bronny James' NBA prospects

2024 NBA Mock Draft 7.0: Who will the Hawks take at No. 1? Our projections for every pick with lottery order now set

Your favorite WNBA rookies didn’t make the cut. So what’s their path back to the league?

2024 NFL schedule release: Here are the games we know before Wednesday's full announcement

Where does Jared Goff’s $212M extension leave Dak Prescott and Cowboys?

Utility stocks are on fire — here are Wall Street analysts' top picks

NFL schedule release: Chiefs to host Ravens in 2024 season opener

MLB Power Rankings: Phillies lead Dodgers, Braves as trio of NL contenders top this week's list

Former MLB infielder, Little League World Series star Sean Burroughs dies at 43

Best used cars to buy in 2024: From trucks and SUVs to EVs

The best RBs for 2024 fantasy football, according to our experts

Here's 1 big investing mistake you are probably still making

Juan Soto’s unapologetic intensity and showmanship are captivating the Bronx and rubbing off on teammates: ‘Literally every pitch is theater’

The best budgeting apps for 2024

Timberwolves coach Chris Finch calls Jamal Murray's heat-pack toss on court 'inexcusable and dangerous'

Architect of PGA-LIV framework agreement resigns in frustration: 'No meaningful progress' toward a deal

Lions reportedly sign QB Jared Goff to 4-year, $212 million extension

The FDIC change that leaves wealthy bank depositors with less protection

Fantasy Baseball Trade Analyzer: Buy into a pair of Astros sluggers