The U.S. government has warned that iOS devices are vulnerable to “masque attacks.” It is just another blow to Apple, which has been inundated with problems since the release of the iPhone 6 and new operating system.
According to government officials, the security flaw was spotted on Monday. Third-party apps can pretend to be legitimate ones on the profiles. People then download and install them, and it can lead to serious issues for the user. Some of the problems noted including getting privileges to root components on a device, monitoring how someone uses their phone, and gain confidential information.
The U.S. Computer Emergency Readiness Teams and National Cybersecurity and Communications Integration Center have written the bulletin, making it clear that this is not something blown out of proportion. It is a serious threat to anyone using iOS devices. This includes iPhones and iPads of all ages.
Attacks will happen usually though a phishing link. The aim is to encourage a user to download from an untrusted site. The good news is that downloading from the official App Store can help avoid this issue happening.
It has been discovered late, as it turns out that this vulnerability is not just an iOS 8 problem. Previous versions, more specifically 7.1.1 and 7.1.2, have also been affected. It is unclear whether the 8.1.1 update will patch this, but the government does not believe it will. It has not in the beta testing so far.
Apple has not yet spoken out about the government-warned iOS vulnerability, called “masque attacks.” It is not the first security flaw to be noted either. Just this month WireLurker was another issue found with the operating system. The benefit of the earlier flaw is that most users will not be affected. It seems that those who bypass security features are the ones at risk of that. Both work by downloading apps outside of the App Stores.
The “masque attack” will replace legitimate apps. In most cases, an individual will have no idea that there has been a security flaw. Most will just believe that they are installing a new update on their device. According to the government, matching certificates for apps are not enforced by Apple, nor do they need the same bundle identifier.
It is another blow for the company after all the problems with iOS 8. When users upgraded their operating system, they ran into issues including not being able to use their device. The 8.1 update was even worse, and led to users being allowed to downgrade their operating system. This was unprecedented. The 8.2 update was released to fix the issues, and now there is an 8.1.1 update due. There is no release date for that yet.
A lot of technology has security flaws. It is not often for the government to release statements about those problems, but this one was deemed serious enough. It has taken years to find it, considering it was on earlier devices, but better late than never. Users are warned by the government to download apps only from official Apple sites to avoid the potential “masque attack” vulnerability in iOS.
By Alexandria Ingham