US Gov't Issues Alert About iOS "Masque Attack" Threat

alphadogg writes Three days after security company FireEye warned of an iPhone/iPad threat dubbed "Masque Attack", the U.S. government has issued a warning of its own about this new risk by malicious third-party apps to Apple iOS devices. US-CERT warned: "This attack works by luring users to install an app from a source other than the iOS App Store or their organizations' provisioning system. In order for the attack to succeed, a user must install an untrusted app, such as one delivered through a phishing link." Revelations of Masque came on the heels of a related exploit (that also threatens Macs) called WireLurker.

Re:I don't get it...

You have to get a link from someone, go somewhere that clearly isn't the apple store, download the app which the phone will warn you about, install the app which the phone will again warn you about and accept enterprise provisioning which the phone will warn you about yet again before the malware can do it's thing?

This takes real work on the part of the user to do that they don't normally, or ever see. It's a problem that they let a developer overwrite other apps, but in terms of it being a vulnerability? Welcome to dumb users doing stupid shit they've been told not to do the last 30 damned years.

Blast from the past

[piranha32]

Hi,
    This is an Albanian virus. As you know we are not so technical
    advanced as in the West. We therefore ask you to delete all your
    files on your harddisk manually and send this email to all your
    friends.

    Thanks for helping us,
    The Albanian Hackers

When I saw it many years ago it looked like a good joke