Apple has issued a response to the recently uncovered “Masque Attack” that allowed malicious applications to be installed in place of valid apps and access user data. In a statement provided to iMore, the company highlighted the security features built into iOS that informs users of any attempted app installations via an outside source like the Safari browser and said that it is not aware of any reported instances where a user was affected by this specific type of attack.
The company also said that users should install apps only through trusted sites such as the built-in App Store, and those using enterprise software should ensure that they only install it from a secure server operated by their company:
We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software… We’re not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company’s secure website.
The so-called Masque Attack was uncovered earlier this month. Earlier today the Department of Homeland Security issued a warning about the potential security issues it poses. Apple, it seems, is less convinced of the potential problems it could cause.
FTC: We use income earning auto affiliate links. More.
So basically, don’t be an idiot.
This isn’t a flaw, it’s how iOS works, and it’s safer than literally every other OS out there.
Who is stopping you from installing a spoofed Skype app or hacked version of Angry birds on OS X, Windows, or Android? Apple can’t fix stupidity, which is the only security flaw in this situation.