Masque Attack

Masque Attack is the name of an iOS vulnerability identified and named by computer security company FireEye in July 2014. FireEye privately informed Apple Inc. of the issue on July 26, 2014 and disclosed the vulnerability to the public on November 10, 2014 through a blog post on their website. The vulnerability was identified on iOS 7.1.1, 7.1.2, 8.0, 8.1 and 8.1.1 beta,[1] on both jailbroken and non-jailbroken iOS devices. The attack consists of getting users to download and install apps that have been deceptively created with the same bundle identifier as an existing legitimate app. The deceptive app can then replace and pose as the legitimate app, as long as that app was not one pre-installed along with iOS (i.e., the default Apple apps); this is the reason FireEye gave for naming the vulnerability "Masque Attack".[2]

Once the deceptive app is installed, the malicious parties can access any data entered by the user, such as account credentials.[3]
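The bundle-identifier collision described above can be checked before an app is installed. The following Python sketch is an added example, not code from FireEye, US-CERT or Apple: it reads the CFBundleIdentifier from an .ipa package and flags a package that reuses the identifier of an app already on the device but arrives from a different source. The inventory, the source labels and all function names are assumptions made for illustration.

```python
import io
import plistlib
import re
import zipfile

# Path of the main app bundle's Info.plist inside an .ipa (a zip archive).
INFO_PLIST = re.compile(r"^Payload/[^/]+\.app/Info\.plist$")

def ipa_bundle_id(ipa_bytes):
    """Return the CFBundleIdentifier declared by an .ipa given as bytes."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as z:
        names = [n for n in z.namelist() if INFO_PLIST.match(n)]
        if len(names) != 1:
            raise ValueError("expected exactly one Payload/*.app/Info.plist")
        info = plistlib.loads(z.read(names[0]))  # accepts XML and binary plists
    return info["CFBundleIdentifier"]

def check_install(ipa_bytes, source, installed):
    """Classify a pending install against the device's app inventory.

    installed maps bundle identifier -> source the app was installed from
    (hypothetical labels such as "app-store" or "enterprise").
    """
    bundle_id = ipa_bundle_id(ipa_bytes)
    previous = installed.get(bundle_id)
    if previous is None:
        return "new-app", bundle_id
    if previous == source:
        return "update", bundle_id
    # Same identifier from a different origin: installing would replace the app.
    return "collision", bundle_id

def make_ipa(bundle_id, app_name):
    """Build a minimal, constructed .ipa in memory for the demonstration."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr(f"Payload/{app_name}.app/Info.plist",
                   plistlib.dumps({"CFBundleIdentifier": bundle_id}))
    return buf.getvalue()

# Constructed inventory; the identifiers are placeholders, not real apps.
INSTALLED = {"com.example.bank": "app-store", "com.example.notes": "enterprise"}

if __name__ == "__main__":
    for bid in ("com.example.bank", "com.example.notes", "com.example.game"):
        print(check_install(make_ipa(bid, "Demo"), "enterprise", INSTALLED))
```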

On November 13, 2014, the United States Computer Emergency Readiness Team (US-CERT, part of the Department of Homeland Security) released Alert bulletin TA14-317A, regarding the Masque Attack.[4]

Apple stated on November 14 that they were not aware of any incidents in which one of their customers had been affected by the attack.[5]

  1. "Apple iOS 'Masque Attack' Technique | CISA". 30 September 2016.
  2. Hui Xue, Tao Wei and Yulong Zhang (November 10, 2014). "Masque Attack: All Your iOS Apps Belong to Us". FireEye. Archived from the original on October 2, 2019. Retrieved November 14, 2014.
  3. Tweedie, Steven. "A New iPhone Security Flaw Can Replace Your Apps With Identical Versions Infested With Malware". Business Insider. Retrieved 2020-09-25.
  4. "Alert (TA14-317A): Apple iOS 'Masque Attack' Technique". US-CERT. November 13, 2014. Retrieved November 16, 2014.
  5. Kedmey, Dan (14 November 2014). "Apple Isn't Aware of Any iOS 'Masque Attack' Incidents Yet". Time. Retrieved 14 November 2014.