
Major iOS security flaw ‘Masque Attack’ reportedly uncovered, found to ‘pose much bigger threat’ than WireLurker

[Figure: Masque Attack (FireEye screenshots, Figures A through F)]

Last week, it was reported that Mac and iOS users in China were the target of new malware called WireLurker, which prompted Apple to confirm the issue and block the affected apps. Just days later, mobile security research firm FireEye reports that it has uncovered a major iOS security flaw that it claims poses a much bigger threat to Apple users than WireLurker.

According to FireEye, the so-called “Masque Attack” was uncovered in July and exists because iOS does not require that an app replacing another app with the same bundle identifier be signed with a matching certificate. An app signed for enterprise or ad-hoc distribution can therefore overwrite an App Store app that shares its bundle identifier, regardless of who signed the original. As such, an attacker could lure an iPhone, iPad or iPod touch user into installing an app with a deceiving name such as “New Flappy Bird” or “Angry Bird Update” that, unbeknownst to the user, is actually a malicious replacement for an app already on the device. Only preinstalled apps like Mobile Safari are said to be unaffected.

“Masque Attacks can replace authentic apps, such as banking and email apps, using attacker’s malware through the Internet,” claims FireEye. “That means the attacker can steal user’s banking credentials by replacing an authentic banking app with a malware that has identical UI. Surprisingly, the malware can even access the original app’s local data, which wasn’t removed when the original app was replaced. These data may contain cached emails, or even login-tokens which the malware can use to log into the user’s account directly.”

FireEye says it notified Apple of the vulnerability on July 26th. It affects both non-jailbroken and jailbroken devices running iOS 7.1.1 through the iOS 8.1.1 beta. The firm claims that Masque Attack has severe security consequences, including the ability for attackers to “mimic the original app’s login interface to steal the victim’s login credentials” and “use Masque Attacks to bypass the normal app sandbox and then get root privileges by attacking known iOS vulnerabilities, such as the ones used by the Pangu team.” Note that the second claim describes a chained attack: replacing an app gets the malware onto the device and into that app’s data container, but escaping the sandbox or gaining root still requires a separate, already-known iOS exploit; the bundle-identifier flaw on its own does neither.

Pangu is the Chinese team behind the iOS 8 untethered jailbreak for iPhone, iPad and iPod touch released last month. FireEye mentions Pangu only as a source of kernel vulnerabilities an attacker could chain after the app swap; the bundle-identifier flaw itself has nothing to do with jailbreaking.

FireEye demonstrated the vulnerability in the set of screenshots above: a genuine copy of the Gmail app (Figures A and B) was replaced with a malicious version (Figures D, E and F) after the user was lured into installing a “New Flappy Bird” update through enterprise/ad-hoc provisioning (Figure C). For demonstration purposes, FireEye placed the words “yes, you are pwned” at the top of the malicious Gmail app (Figure F) and showed that the replacement app could upload all locally cached emails to a remote server.
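The mechanism above comes down to one missing check at install time: iOS matched the incoming app to an existing one by bundle identifier alone, without asking whether the same signer owned both. The following Python is an added example, not code from FireEye or Apple. It reads the bundle identifier and signing team out of an IPA (the bundle identifier from Info.plist, the team and distribution type from the embedded provisioning profile) and then applies both the pre-fix install policy FireEye describes and the pinned-to-signer policy that would have refused the swap. The sample IPAs are constructed in memory, the bundle identifier and team identifiers are placeholders, and the profile is read by slicing the plist out of the file by byte search rather than verifying its CMS signature.

```python
# Added example, not code from FireEye or Apple. It reads the bundle identifier
# and signing team out of an IPA and applies the check FireEye says iOS 7.1.1
# through the 8.1.1 beta lacked: refuse to let a differently-signed app take
# over an existing bundle identifier. Sample IPAs are constructed in memory.
import io
import plistlib
import zipfile


def plist_from_mobileprovision(raw: bytes) -> dict:
    """Recover the XML plist inside a .mobileprovision file.

    Real profiles are a CMS (PKCS#7) signature wrapping the plist, but the plist
    bytes sit in the file verbatim, so slicing from '<?xml' to '</plist>' works
    without verifying the signature (assumption: XML rather than binary plist)."""
    start = raw.find(b"<?xml")
    end = raw.find(b"</plist>")
    if start < 0 or end < 0:
        raise ValueError("no plist payload found in provisioning profile")
    return plistlib.loads(raw[start:end + len(b"</plist>")])


def inspect_ipa(ipa_bytes: bytes) -> dict:
    """Return the bundle id, signing team and distribution type of an IPA."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as zf:
        names = zf.namelist()
        app_dirs = {n.split("/")[1] for n in names
                    if n.startswith("Payload/") and n.split("/")[1].endswith(".app")}
        if len(app_dirs) != 1:
            raise ValueError("expected exactly one Payload/*.app directory")
        app = app_dirs.pop()
        info = plistlib.loads(zf.read(f"Payload/{app}/Info.plist"))
        profile_path = f"Payload/{app}/embedded.mobileprovision"
        profile = (plist_from_mobileprovision(zf.read(profile_path))
                   if profile_path in names else None)

    bundle_id = info["CFBundleIdentifier"]
    if profile is None:
        # No embedded profile: the App Store signs store builds itself.
        return {"bundle_id": bundle_id, "team_id": None, "distribution": "appstore"}

    team_id = profile["TeamIdentifier"][0]
    if profile.get("ProvisionsAllDevices"):
        distribution = "enterprise"   # in-house distribution, any device
    elif profile.get("ProvisionedDevices"):
        distribution = "adhoc"        # only the listed device UDIDs
    else:
        distribution = "appstore"
    # The profile's entitlement must name this exact app: <TeamID>.<bundle id>
    if profile["Entitlements"]["application-identifier"] != f"{team_id}.{bundle_id}":
        raise ValueError("application-identifier does not match CFBundleIdentifier")
    return {"bundle_id": bundle_id, "team_id": team_id, "distribution": distribution}


def install_decision(installed: dict, candidate: dict, pin_to_team: bool) -> str:
    """What installing `candidate` does to the app already holding its bundle id.

    `installed` maps bundle id -> team id of the app on the device (None for an
    App Store app). pin_to_team=False models the behaviour FireEye describes: a
    matching bundle id is enough to replace the app, and the replacement keeps
    the old app's data container. pin_to_team=True is the missing check: refuse
    the replacement unless the same team signed both."""
    existing = installed.get(candidate["bundle_id"], "absent")
    if existing == "absent":
        return "fresh-install"
    if pin_to_team and existing != candidate["team_id"]:
        return "rejected: bundle id already owned by a different signer"
    return "replaced: existing data container inherited"


def build_sample_ipa(bundle_id: str, team_id: str = None, kind: str = "appstore") -> bytes:
    """Constructed sample IPA for exercising inspect_ipa (not a real app)."""
    info = {"CFBundleIdentifier": bundle_id, "CFBundleName": "Sample", "CFBundleVersion": "1"}
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("Payload/Sample.app/Info.plist", plistlib.dumps(info))
        if team_id is not None:
            profile = {"Name": "sample", "TeamIdentifier": [team_id],
                       "Entitlements": {"application-identifier": f"{team_id}.{bundle_id}"}}
            if kind == "enterprise":
                profile["ProvisionsAllDevices"] = True
            elif kind == "adhoc":
                profile["ProvisionedDevices"] = ["0" * 40]
            # Real profiles wrap the plist in a CMS signature; this sample just pads it.
            zf.writestr("Payload/Sample.app/embedded.mobileprovision",
                        b"\x30\x82" + plistlib.dumps(profile) + b"\x00")
    return buf.getvalue()


if __name__ == "__main__":
    # Hypothetical bundle id and team id; the victim app came from the App Store.
    device = {"com.example.bank": None}
    rogue = inspect_ipa(build_sample_ipa("com.example.bank", "ENTERPRISE1", "enterprise"))
    print(rogue)
    print("unpinned (Masque):", install_decision(device, rogue, pin_to_team=False))
    print("pinned to signer: ", install_decision(device, rogue, pin_to_team=True))
```

Run against a real IPA, inspect_ipa is enough to tell whether a file someone is asking you to sideload is enterprise- or ad-hoc-signed and which team signed it; if that bundle identifier already belongs to an App Store app on the device, the unpinned decision is the one iOS made at the time.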

[Figure: Masque Attack iOS Remote Server]

As a general rule of thumb, iOS users should avoid installing apps from outside the App Store, especially from untrusted developers. In practice that means not tapping “Install” on a prompt that appears from a web page or an SMS link, treating any “Untrusted App Developer” alert on first launch as a signal to tap “Don’t Trust” and delete the app, and checking Settings > General > Profiles for enterprise provisioning profiles you do not recognize.

We have reached out to Apple for comment and will update this post if we hear back.




Comments

  1. “Home Depot blames security breach on Windows, senior executives given new MacBooks and iPhones”

    • Edison Wrzosek - 9 years ago

      You like trolling, don’t ya?

      • boarddworld - 9 years ago

        It’s a fair comment. Apple will definitely need to up their game in securing OS X & especially iOS now that it’s many people’s PC replacement for their own private information. Apple is also taking away hackers’ money. Having exploited billions of dollars from Windows users, they’re naturally going to make a shift.

  2. Ry L - 9 years ago

    So don’t click install on a popup like that!

    • g0bez - 9 years ago

      Sheesh… I know. Just about every Mac / iOS “vulnerability” has had a qualifying statement like:

      “… by luring the user to install a “New Flappy Bird” update through enterprise/ad-hoc provisioning (Figure C)”

      Yet again, just like the others, this vulnerability is relying on an ignorant user action. Yes, this is a security issue to be fixed… but it isn’t like you could unknowingly get hacked.

      • Edison Wrzosek - 9 years ago

        I just finished watching the video (active version is over on AppleInsider, as this Dropbox link has been terminated), and the attack vector, while effective, 100% relies on the stupidity of the end-user clicking on a link in an unsolicited SMS message (HUGE red flag right there), and then being directed to a WEB BROWSER to install an app, something that you NEVER do on an iOS device.

        I know another commenter here scolded me for making that statement, but after seeing the attack demo, sorry, I stand by my statement 100%; only someone completely ignorant and stupid would EVER click on a link contained within any form of communication that is unsolicited, especially an SMS message from an unknown third-party.

      • You realize that’s how almost every security breach happens on Windows and Macs. Now that Apple products are so popular they now get the joy of malware.

      • lulu25314 - 9 years ago

        The thing is – people are actually this stupid. Also, the people who would fall for this will never read this article.

      • Ryan Scullen (@techlife) - 9 years ago

        Edison – I completely agree with you. Unfortunately, we’re talking about the same demographic of people that uses Mac and iOS devices cause “they can’t get viruses”. Apple has started advertising security as the reason to choose their devices. The innards of iOS are far more secure than any other mobile OS out there, but not having some sort of App ID + Distribution Certificate hash as a part of the app’s validation process at launch is a huge oversight on Apple’s part.

      • “this vulnerability is relying on an ignorant user action.”

        Plenty to choose from out of the population of iOS users ;)

      • oshipp - 9 years ago

        you’d be surprised how many people just don’t know and click on everything that they see.

      • pecospeet - 9 years ago

        I figure most people using this site have enough understanding of how the various systems fit together and the tricks that scammers use. More importantly, we probably understand the important difference between an official app store and a developer’s site – even a trusted developer’s site.

        But the majority of users don’t understand or don’t get the important distinctions. (Try explaining hyperlinks and how what you see is not necessarily what you get to a group of users. Some will get it and some won’t. I am amazed at how many who do get it were not already aware of this and did not know how to check a hyperlink before clicking). I figure that most people can probably spot some of the more obvious malicious emails/SMS but I have seen some pretty good email scams recently.

        It’s not a question of them being dumb – it’s a question of understanding and knowledge. There are lots of people with brilliant minds who find technology beyond their understanding – they just want something that is easy to use and works.

        I got a request last year from my bank to participate in an online survey, complete with convenient hyperlink to a third party site. I was able to eventually satisfy myself that the request was probably legitimate, but I took the bank and the survey company to task over sending such a request by email – and I made sure it got elevated within the bank. So far, no repeat requests (but maybe they just flagged my account). If banks do that, it makes it harder for the average non-tech person to identify what is legit from the scams. Better if banks (and other financial institutions) restrict emails to “Your statement is ready. Log into your account to see it” with no embedded links.

        I figure as long as there is legitimate communication from sources we know and trust through email or SMS or any other means, then scammers can make use of the same communications channels to hoodwink people.

      • Most successful hacks are done with the user unknowingly doing something to aid the hacker. I can just about guarantee that if you tested this in a closed environment on 10 people, most would click the link.

    • fabrica64 - 9 years ago

      It’s not just clicking, you need to install an enterprise provisioning profile obtained from an enterprise certified by Apple, then the creator of the bad app has to steal the enterprise signing certificate related to the profile and sign the bad app, and put it on a web link you then may click.

  3. “Honestly, this put a smile on my face… It’s about time retailers begin realizing that Microsoft’s OS is an old, bloated, crap OS with more security holes in it than Swiss Cheese.”

    • Edison Wrzosek - 9 years ago

      If you want to comment on something I said, then comment to me directly please.

      BTW, refer to my post in regards to this issue for some insight, as apparently you’re just jumping at the bit for there to be iOS issues…

    • Gregory Wright - 9 years ago

      Be careful what you wish for. Microsoft is the target of attacks because it is the largest enterprise software vendor. Previously, attackers have ignored the Mac. As more companies switch to Apple products, attackers will turn their focus to Macs. Let’s see how Apple handles these attacks as they encounter more of them.

      • Mike Knopp (@mknopp) - 9 years ago

        I always love comments like this.

        Prior to this, Apple only escaped massive exploits because it was such a niche market. Now Apple only escapes massive exploits because it isn’t the largest enterprise software vendor. What next? Apple doesn’t have as many breaches as Windows because it isn’t the majority software run by 30-40 year olds between the times of 5 and 5:30 PM?

        There are more devices running iOS than there are devices running any version of Windows. Are all of these enterprise? No, but Apple is a major player in computing, and arguably when one considers Macs, iPhones, and iPads the largest computer company.

        This is along the same lines as when Android was a small segment of the market and riddled with malware and viruses they couldn’t say anything. However, there was much rejoicing amongst the anti-Apple crowd the second Android sold over 50% of the phones for a quarter because suddenly the old tired argument of Apple isn’t more secure they just don’t have a majority of the market so they aren’t attacked as often could be trotted out.

        Does Apple need to focus more on security? Yes, but it is ridiculous to say that Apple has fewer problems with security only because their market share isn’t as big.

      • Edison Wrzosek - 9 years ago

        Actually the comment made by Dean was my comment (hence why he quoted it) from the Home Depot thread…

        It will definitely be interesting to see how Apple deals with what appears to be the beginning of an onslaught on iOS and OS X…

      • optimaximal1 - 9 years ago

        FAO Mike Knopp.

        There are more devices running iOS than there are devices running any version of Windows.

        That’s not necessarily true – http://en.wikipedia.org/wiki/Usage_share_of_operating_systems#Web_clients

    • Software will always have bugs; we need to focus on educating our users. With stupid users every system sucks or it’s too simple to be useful :-/

      • That’s right.
        That’s why I quoted that comment ;-)

      • And the worst part is that sometimes, Apple is advised a long time before the people who discover security holes like that decide to expose them. And sometimes Apple does nothing about it until the person exposes it.

  4. I thought iOS apps could only be installed from the app store if your device wasn’t jailbroken. Am I missing something?

    • dm33 - 9 years ago

      +1
      Apps can only be installed through the App Store which wouldn’t let such an app in. This therefore is a highly unlikely problem to have.

      • That is not 100% true. If someone got hold of an enterprise signing certificate they could sign an app, post it on a website, and any device could download and install it. However, the odds of someone hacking a corp, stealing the enterprise cert and then posting it for malicious use are probably sub 0.001%.

        Enterprise signing certs allow enterprises to side load apps outside of the Apple App Store.

      • Edison Wrzosek - 9 years ago

        Looks like this attack managed to be amongst the 0.001%, as it’s installed using a signing certificate, likely lifted from a corporation…

      • I don’t think the certificate was lifted. It’s probably more likely that FireEye used their own certificate to do the testing.

    • Almost. Enterprises can get an Enterprise Certificate which allows them to install internal apps without the app store.

      • fabrica64 - 9 years ago

        And you need to install the enterprise provisioning profile on your iPhone. An enterprise certificate is not enough. This flaw has almost zero chance of becoming viral.

    • Mike Beasley - 9 years ago

      No, services like TestFlight and HockeyApp let developers distribute apps outside of the App Store for enterprise and testing purposes.

  5. Edison Wrzosek - 9 years ago

    OK, so let’s deconstruct this here just a little bit…

    First a user must be “lured” to a website by means of what appears to be a phishing attack message, and then, as shown in figure (c), get directed to a non-standard page (seemingly a single line of text) and then a non-standard dialog box asking to install an app update… Already by this point, you’d have to be completely stupid to do this, as everyone should know that app updates are fed through the App Store and are NOT presented in this manner.

    The only things of real concern here are two… One, hackers are now going after the enterprise provisioning system as an entry vector into iOS, identifying it as a slightly weaker point of entry when combined with end-user stupidity.

    Two, is the fact the replaced apps can access the database of the original app unimpeded. While the attack vector relies solely on the gullibility and stupidity of end-users (and unfortunately I fear there will be many), it’s the second part that Apple needs to fix ASAP.

    Oh, and I found this statement of particular interest:

    “use Masque Attacks to bypass the normal app sandbox and then get root privileges by attacking known iOS vulnerabilities, such as the ones used by the Pangu team”

    Seems like the Pangu team had a helping hand in this. Had they been responsible programmers, they’d have kept the discovery of the security hole private, and reported this bug to Apple to have them seal it, not exploit it for a freaking jailbreak, which now other hackers are exploiting for nefarious purposes! THIS is one of the key reasons I don’t support jailbreaking! If you find an issue with software, report it to the original developer (Apple) so they can correct it, not release it into the wild during an era where such vulnerabilities will be snatched up by hackers waiting in the wings to use it to perform illegal activities!

    Some of the largest disasters in this world were scientific discoveries made with best of intentions…

    • Avenged110 - 9 years ago

      Jailbreaking discussion aside, it’s very similar to OS X where one has to click ‘yes, install/open’ for nearly all (maybe all) malware in order to be vulnerable. It’s not the OS’s fault if you’re stupid. That being said, it’s still good to disclose these ‘flaws.’

    • Scott (@ScooterComputer) - 9 years ago

      It is woefully misguided to discount the vector of this attack as something only “stupid” people would do. Something actual security professionals would call a “novice mistake”. Most users of the iPhone barely understand the App Store; many come from a Windows background and we know how that ecosystem has fared. None of this makes them, intrinsically, “stupid”. There is one point of blame for this: Apple. This vulnerability is nothing less than poor security engineering on their part. It is their job to design secure systems, and on this particular function, they failed at 101-level fundamentals. This is something that never should have seen the light of day, much less several major iOS releases. Expecting users to understand the entire security paradigm of a system is just foolish. Why is it “stupid” that your friend could iMessage you a URL (especially in the days of shortened URLs) suggesting a fun new game? And why would it be stupid to click on that link to see what somebody is sending you??

      Your second novice mistake is to view this proof of concept as the highest level of sophistication that can be achieved. Therefore you aren’t thinking very creatively, like a true SecEng. Put a better URL in that iMessage, make it appear like a message from the Apple App Store, and do 15 more minutes of work on the command/control server’s UI, the target (probably including you) wouldn’t know anything was amiss. I’d bet you could go a step further and pop an HTML “dialog” and have the user put in their Apple ID password, just for fun, and successfully collect that from over 50% of targeted users before the Malware installed.

      The third novice mistake is somehow blaming the Pangu group. The vulnerabilities they used weren’t unknown in the community. And if “the community” knows about them, you can bet your ass dark forces OUTSIDE “the community” can know that “secret” too. Pangu had no hand nor any responsibility for this. Again, it is solely Apple’s failure to do the fundamental levels of SecEng work that the jailbreakers do to FIND these vulnerabilities. Such things should NEVER see the light of public release; in Apple’s case they’ve been bitten time and time again…every major iOS release since the iPhone shipped. And from the original article, Apple was informed of THIS Masque Attack in July…yet still shipped iOS 8.0, 8.0.1, 8.0.2, 8.1, and 8.1.1beta. Do you find that acceptable? This is a SIGNIFICANT security vector. Pangu and the jailbreak community shouldn’t even be mentioned in this, except maybe to proffer a wager whether they ship a “patch” for it before Apple does.

      This attack is a mind-numbingly terrible reflection on Apple’s Security team. I mean, just awful. This specific use-case should be a Security QA test case. Not only is the Security team failing to do proper code auditing, they aren’t enforcing best practices across the development team and aren’t catching poor designs in testing (much less quickly after they ship). That the Masque Attack is able to so successfully pwn iOS using such a well-worn vector of attack (SocEng) is simply cringe-inducing; I mean, this is like Windows-malware deja vu! Worst, this isn’t Apple’s FIRST complete and utter failure in implementing certificate security best practices. This kind of stupidity—on APPLE’s part— shouldn’t be seen ONCE for a company of Apple’s caliber, but certainly not repeatedly.

      The only stupid here is on Apple. And anyone who is stupid enough to step in front of the barrel to defend their stupidity. They’re big boys, let them take the fire.

      • Mr. Grey (@mister_grey) - 9 years ago

        While I think all your facts are entirely correct, your interpretation is greatly flawed. A person has to click on a link in a random spam message, be taken to a web page, and then click on an install dialogue.

        There is no way to spin that as anything other than the user being “stupid.”

        Apple could indeed make it clearer that one shouldn’t install anything that isn’t from the App store, they could possibly even make the device unable to do so in some way (although I have no idea how), but the root of the fault here is user stupidity, or “ignorance” if you want to use a kinder word.

      • Edison Wrzosek - 9 years ago

        I wasn’t discounting the fact this is a genuine security issue in iOS that Apple needs to address, hence why I mentioned it in my original post:

        “Hackers are now going after the enterprise provisioning system as an entry vector into iOS, identifying it as a slightly weaker point of entry”

        And

        “Two, is the fact the replaced apps can access the database of the original app unimpeded. While the attack vector relies solely on the gullibility and stupidity of end-users (and unfortunately I fear there will be many), it’s the second part that Apple needs to fix ASAP”

        After having watched the video demo of the attack, I stand by my statement that this “attack” is possible not exclusively, but primarily, due to sheer user stupidity. Let’s recount the steps of a proper app install that anyone who knows an iOS device knows how to perform:

        1. Open App Store app on your device
        2. Goto Updates tab to view available app updates and perform update, or,
        3. View available apps in the store, choose which one you want, authorize download by entering Apple ID password, and possibly CC security code if purchasing paid app, and you haven’t made a purchase in some time
        4. Enjoy your app.

        With this attack, we veer to the following method:

        1. Unsolicited SMS (not iMessage) message arrives from unknown third-party advising you to click on a shortened hyperlink
        2. User is taken into Safari, to an unusual site, and prompted to update an app using a non-standard dialog box
        3. Attack then replaces the genuine third-party app (as it doesn’t affect built-in iOS apps), and then the attack begins uploading any incoming SMS messages, and the DB of the original app the malware replaced is copied to a CnC server.

        You also mention that a friend could do this, yet in the demo, the attack message is an unsolicited SMS message, not an iMessage. So unless the attacker is also able to spoof an Apple ID account to later send iMessages masquerading as the original sender in order to fool recipients into opening the link, this logic is defeated.

        Where you mention my second novice mistake, you are again making the incorrect assumption that the attack is initiated by an iMessage, when in fact it is coming in as an unsolicited SMS message. If my friend had an iPhone, and was suddenly sending me SMS message format with hyperlinks, that again is a red flag to those with half a brain. And while you are correct that the attacker can spend more time refining the formatting and content of the SMS message, the website to which the link takes the user, it still doesn’t negate the fact it takes the user somewhere COMPLETELY different that they normally NEVER go to for getting updated, or new apps! This again boils down to sheer user stupidity and ignorance.

        Is it an issue with iOS? Yes, there’s no denying it. Is it something Apple needs to fix? Yes again. Has Apple taken too long to seal this security hole? Yes again. These are not points I’m arguing. What I’m arguing, is that the security model Apple designed is actually working as intended. The problem is the hackers have now figured out a way to circumvent it, and thus Apple now needs to improve it, because they underestimated how stupid some users can be!

        As for blaming the Pangu group, you better believe I blame them in part for this. First off, keep in mind they did help to jailbreak iOS 7.x, so they HAVE utilized this security hole for quite some time. And instead of working with Apple quietly behind the scenes to ensure these holes get sealed, they use it to expose the OS and create a jailbreak, knowing full well that if this got into the wrong hands, which it now has, it can pose a SIGNIFICANT threat to the millions of people who use these devices on a daily basis. That is a COMPLETELY IRRESPONSIBLE thing to do, and something I look down upon in disgust. An honourable hacker or security researcher, like the one who discovered WireLurker, did the right thing and withheld divulging the details of the security hole until Apple had a chance to correct the problem, and gave them the information they needed to fix it.

        Also, while the attack doesn’t look good where Apple is concerned, it’s not a mind-numbingly terrible reflection on them, but rather it’s a mind-numbingly terrible reflection on the state of intelligence of the end-users who own and use these devices, that they are so uneducated about the devices they are using, and how ignorant they are of the threats being flung their way, and how just a little bit of common sense would save their butts most of the time.

        Apple definitely needs to step-up its game here, there’s no doubt about that. But ultimately, the end-users need to smarten up, BIG TIME. If we keep catering to the lowest common denominator of end-user intelligence, iOS would be too limited and stupid for anyone that has even intermediate levels of knowledge to use effectively without getting frustrated.

      • I realize this “security flaw” is not quite as bad as it might seem at first glance, but hypothetically speaking, that Safari page wherein the user clicks “download” could relatively easily be made to look like the official App Store page, thereby increasing the likelihood of tricking the user into clicking “download”, the team just didn’t get that clever in their implementation. Just throwing it out there.

    • >Seems like the Pangu team had a helping hand in this.

      Seems like they didn’t because it affects ALL phones back to 7.1.1. More useless “I’m against jailbreaking because security reasons that Apple ignored despite being told it existed” nonsense.

      It’s amazing how so many people that are completely ignorant about jailbreaking and the history of it seem to think they know so much about it.

      • Edison Wrzosek - 9 years ago

        Had the “team” that discovered the flaws in iOS done the responsible thing and not only reported it to Apple, but also worked with them quietly, behind-the-scenes, to ensure it got fixed, none of this would’ve happened. The hackers responsible for jailbreaking any OS are incredibly irresponsible people, because they’d rather get nerd-gasms that they were able to punch through OS security layers, rather than working to make it safer.

        BTW, Pangu also jailbroke iOS 7.x, so they’ve known about this for a long time. And being they’re hackers from China, who knows what their team members leaked to other, less savoury, hackers, who are now exploiting these vulnerabilities for nefarious purposes.

        Nothing you can say will EVER change my view upon hackers who use their skills to create crap like jailbreaks, because in the end, this is the result we’re now left with, and everyone else is responsible to clean up their mess.

      • giskardian - 9 years ago

        Apple have a history of ignoring security threats, even after being informed of them by third parties. It’s naive to think that Apple would rush to work with the Pangu team to fix this breach. One could argue that the Pangu team did the responsible thing by making it public so that publicity would force Apple to fix it.

      • Edison Wrzosek - 9 years ago

        That argument might have carried some weight, had it not been reported that the vulnerability allowing the jailbreak, and this malware, has been patched in iOS 8.1.1 beta, just before this attack was discovered.

        No arguing that Apple arrived late to the ball game on this one, but that doesn’t absolve Pangu of doing what they did either, period.

      • Sorry, Edison, but you’re still completely clueless. What Pangu did is not related to this in any way. These are enterprise certs being abused, not what they did to untether a jailbreak. You’re right I won’t change what you think about jailbreaking and it’s because you, like so many others, have no clue what you’re talking about and spew your ignorant nonsense on articles that are written by people who clearly don’t know what they are talking about either. What Pangu did and what this is are two completely different things, but I’m going to stop wasting time on you, it’s not worth trying to discuss this with someone who is hell bent on being as ignorant as they can be.

    • Nick Arnott (@noir) - 9 years ago

      Pangu had nothing to do with this. This has nothing to do with jailbreaking. Mentioning Pangu Team by FireEye and in this article should have been given more context, but seriously, Pangu Team and lack of enforcing unique bundle IDs are 100% unrelated.

  6. rogifan - 9 years ago

    Amazing how we always hear about these major iOS flaws yet very rarely do we ever hear about many people actually being impacted.

    • That just means users are getting a little bit smarter (aka more informed). Still doesn’t devalue the severity of the flaw by any means.

    • Fallenjt JT - 9 years ago

      It’s because people don’t just install apps from any source, but from the App Store and only when they need/want that app. People who install whatever is sent to them don’t deserve to use a smartphone. Yup, why does one use a smartphone to do dumb things?
      Also, did we get this year over year about not clicking on any link, file and such over emails, texts, IM?… What’s new here?

  7. Karl Betts - 9 years ago

    Why can’t they just these fuckers once and for all!

  8. chrisl84 - 9 years ago

    All the more reason to not use that crappy Gmail app and use the pre installed mail.app.

    • Scott (@ScooterComputer) - 9 years ago

      This isn’t a vulnerability in the Gmail app. This is exploiting a vulnerability in Apple’s app signing model, whereby app Bundle IDs are not “pinned” to the developer’s signing certificate. The Proof of Concept simply used Gmail.app as an example, because a likely target would likely have a significant amount of data within that app’s sandbox. Any non-system-installed app is just as vulnerable.

      See my post above for more information.

      • chrisl84 - 9 years ago

        See the part where Pre-Installed Apple Apps are unaffected.

      • optimaximal1 - 9 years ago

        @chrisl84

        Imagine buying an iPhone and never, ever installing ANYTHING from the App Store, just in-case someone exploited it.

  9. Avenged110 - 9 years ago

    So, moral of the story; don’t be an idiot. Business as usual on the Internet…

    • Edison Wrzosek - 9 years ago

      That’s easier said than done these days, as not only has intelligence dropped significantly, but common sense, which would help here, is pretty much dead :(

  10. Ario (@ArioYazdan) - 9 years ago

    Let’s say an iOS device is infected. How would you deal with that situation?

    • Avenged110 - 9 years ago

      I would assume restore and set up as new.

    • paulywalnuts23 - 9 years ago

      I would think restoring it to factory settings, then downloading all the apps you need directly from the app store again would do the trick. I wouldn’t restore your apps using backup, just to be safe…

      • Edison Wrzosek - 9 years ago

        If you have an iCloud backup, you should be OK restoring from there, especially if you perform a factory or DFU restore. All the apps would be restored from the Apple App Store, and nowhere else.

  11. x0epyon0x - 9 years ago

    So let me get this straight: based on the comments here, when an Android user explicitly enables the “Download 3rd Party Apps” option, goes to download a third party app, and is subsequently infected with malware, that’s an example of Android’s “toxic hell stew” of security holes.

    Yet, when an iOS user downloads a third party app outside of the App Store and is infected with malware, it’s not a big deal and that person’s own fault and is in no way indicative of security flaws in iOS? Okay…

    • Gregory Wright - 9 years ago

      Don’t waste your time. You can’t win here.

    • nullifiedone - 9 years ago

      I think it’s more of how one is intended to install 3rd-party sources, and malware is the nature of the beast; it brings the good and the bad.
      The other is a flaw that will get fixed.

      • x0epyon0x - 9 years ago

        The thing is, you have to go absolutely out of your way to even have the option of installing third party apps in Android. And malware aside, there are times where it’s necessary to do that. For example, where I work, we use Lotus Notes (*shudder*) Mobile to access email on our Android phones, and that requires installing it outside of the Play Store.

        On iOS, do users need to explicitly set a security option to install apps outside of the App Store?

      • nullifiedone - 9 years ago

        Well no, on iOS you’re supposed to only be able to install apps inside the App Store.

        Which is why I say you take the good with the bad. On iOS holes like this shouldn’t exist and will be fixed.
        On Android you are meant to be able to install from other sources.
        Each has good and bad.

      • x0epyon0x - 9 years ago

        Ah, now I see. I misunderstood your previous comment.

        All in all though, I just think it’s humorous that we have a nearly identical situation on 2 mobile ecosystems, yet the reaction to those flaws, at least on this forum, is drastically different.

      • nullifiedone - 9 years ago

        I don’t really say the situation is identical; one has options but is much more prone to malware, while the other is closed with fewer options but malware is very rare.
        Reactions to both differ depending on what forum you go to; people pick the forum for what they like, and it’s usually biased.

    • giskardian - 9 years ago

      That’s about right, except you forgot to add that anyone who has problems with iOS is by definition an idiot of the highest order.

  12. markbyrn (@markbyrn) - 9 years ago

    It’s only a ‘major’ flaw if you bypass security features on iOS or OS X. More FUD and click-bait as expected from the usual suspects in tech punditry.

    • Edison Wrzosek - 9 years ago

      Is it FUD? Not really… While the exploit depends on user stupidity, which can be found aplenty in today’s average consumers, that doesn’t negate the fact there IS a security issue here, one that Apple must address in short order.

  13. fabrica64 - 9 years ago

    This “flaw” is not so common and easy to implement. There’s a line in the FireEye report that nobody mentions:
    “We signed this app using an enterprise certificate.” So you need an Apple-released enterprise certificate to sign the bad app and you need the user to install the related enterprise provision certificate on the iPhone.
    It’s not just clicking on a web link…