In just the last week two forms of vulnerabilities have been highlighted in iOS devices through Wirelurker and Masque Attack. The former is a malware capable of attacking iOS devices through a USB cable, while the latter, as the name suggests, can mask iOS Apps with malicious ones. These are quite serious vulnerabilities and yesterday the US government issued a warning to iOS users.
In response, Apple has urged users to only use trusted sources, like App Store. In a statement released to iMore, Apple has said,
“We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software,” an Apple spokesperson told iMore. “We’re not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company’s secure website.”
Users are more likely to be affected by Masque Attack which works by luring the user to a third-party link. These phishing links are sent via e-mail or text with the messages asking users to try out popular Apps. But instead of linking to the App Store the user is taken to a different website where they are prompted to download the App. If they do so it will install a malicious app over the legitimate one using iOS enterprise provision profiles, which makes it almost undetectable.
TheAppleGoogle will advise its readers to not download Apps from third-party websites but only from App Store. If you’re unsure of an App link in an e-mail or text, it’s best to search for the App on the App Store.