U.S. Government Issues Warning Against Masque Attack Vulnerability To iOS Users

A couple of days ago, we reported on the Masque Attack vulnerability that replaced legitimate iOS apps with those able to cause harm. Worryingly, the issue affects both jailbroken and non jailbroken devices, and as a mark of its seriousness, the United States government has issued an official warning to those running Apple’s mobile software.

Any major exploit, malware or security exploit is worrying for those who might be affected, but when governments get involved, you get the feeling that things are getting real.

masque-attack-main

The National Cybersecurity and Communications Integration Center and the U.S. Computer Emergency Readiness Teams have warned that the phishing scam is worth worrying about, issuing this bulletin on the matter suggesting that an app may:

-Mimic the original app’s login interface to steal the victim’s login credentials.
-Access sensitive data from local data caches.
-Perform background monitoring of the user’s device.
-Gain root privileges to the iOS device.
-Be indistinguishable from a genuine app.

Obviously, this is not the kind of warning to be taken with a pinch of salt, and while Apple has long since prided itself on being a safe haven from dodgy activity, the modern mobile world is structured in such a way that nobody is safe. The Cupertino company used to make the claim that Macs were immune to PC viruses on its Web page, but with emphasis on the "used to", this statement was abruptly removed after Flashback and subsequent non-niceties came to town.

The note from the authorities that be suggests that users avoid installing apps from popups, which is something of a given among well-informed mobile consumers, and reminds us of the constant advice given to Android users tempted by the trappings of apps that don’t want to operate within Google’s moderated Play Store.

warning main

With Heartbleed and other nuisances having afflicted Apple in recent times, nobody in ownership of a Web connected gadget can afford to be complacent, and after seeing how various groups of hackers have infiltrated sandbox security on devices ranging from the iPhone 5s to the Samsung Galaxy S5 during the past few hours, the age of safe havens has been and gone.

So the takeaway here, is don’t install an app that has appeared by means of a popup, and be sure to take extra care when mooching around for new content.

Be sure to leave your thoughts and comments via the usual mediums below; it’s always great to hear from you guys.

(Source: US-Cert)

You can follow us on Twitter, add us to your circle on Google+ or like our Facebook page to keep yourself updated on all the latest from Microsoft, Google, Apple and the web.