Systems Affected
• iOS devices running iOS 7.1.1, 7.1.2, 8.0, 8.1, and 8.1.1 beta
Threat Level
Overview
A technique labeled “Masque Attack” allows an attacker to substitute malware for a legitimate iOS app under a limited set of circumstances.
Description
Masque Attack was discovered and described by FireEye mobile security researchers.[1] This attack works by luring users to install an app from a source other than the iOS App Store or their organizations’ provisioning system. In order for the attack to succeed, a user must install an untrusted app, such as one delivered through a phishing link.
This technique takes advantage of a security weakness that allows an untrusted app—with the same “bundle identifier” as that of a legitimate app—to replace the legitimate app on an affected device, while keeping all of the user’s data. This vulnerability exists because iOS does not enforce matching certificates for apps with the same bundle identifier. Apple’s own iOS platform apps, such as Mobile Safari, are not vulnerable.
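One way a defender could check a device fleet for the condition described above, as an added example that is not part of the original advisory: it compares each installed app's signing identity against the signer expected for its bundle identifier. The inventory fields, source labels, bundle identifiers and signer IDs are constructed assumptions, not output from any real device-management product.

```python
# Added example: audit an app inventory for bundle-identifier collisions.
# Every field name, bundle ID and signer ID here is constructed for illustration.
from dataclasses import dataclass

@dataclass(frozen=True)
class InstalledApp:
    device: str
    bundle_id: str
    signer_id: str   # signing identity recorded by the inventory tool (assumed field)
    source: str      # "app_store", "org_provisioning" or "other" (assumed labels)

# Baseline: the signer each managed bundle identifier is expected to have.
BASELINE = {
    "com.example.bank": "TEAMBANK01",
    "com.example.mail": "TEAMMAIL02",
}

INVENTORY = [  # constructed sample data
    InstalledApp("ipad-07", "com.example.bank", "TEAMBANK01", "app_store"),
    InstalledApp("iphone-12", "com.example.bank", "TEAMXXXX99", "other"),
    InstalledApp("iphone-12", "com.example.mail", "TEAMMAIL02", "org_provisioning"),
    InstalledApp("iphone-31", "com.example.game", "TEAMGAME03", "other"),
]

TRUSTED_SOURCES = {"app_store", "org_provisioning"}
SEVERITY_ORDER = {"high": 0, "review": 1}

def audit(inventory, baseline):
    """Return (severity, app, reason) findings, most severe first."""
    findings = []
    for app in inventory:
        expected = baseline.get(app.bundle_id)
        if expected is not None and app.signer_id != expected:
            # Same bundle identifier, different certificate: the mismatch
            # that affected iOS versions do not reject at install time.
            reason = f"signer {app.signer_id} != expected {expected}"
            findings.append(("high", app, reason))
        elif app.source not in TRUSTED_SOURCES:
            # Not a replacement of a managed app, but installed from a source
            # other than the App Store or the organization's provisioning system.
            findings.append(("review", app, "installed from untrusted source"))
    return sorted(findings, key=lambda f: (SEVERITY_ORDER[f[0]], f[1].device))

if __name__ == "__main__":
    for severity, app, reason in audit(INVENTORY, BASELINE):
        print(f"[{severity}] {app.device} {app.bundle_id}: {reason}")
```
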
Impact
An app installed on an iOS device using this technique may:
• Mimic the original app’s login interface to steal the victim’s login credentials.
• Access sensitive data from local data caches.
• Perform background monitoring of the user’s device.
• Gain root privileges to the iOS device.
• Be indistinguishable from a genuine app.
Solution/Workarounds
✻ Update to the latest version of Mozilla Firefox on Windows, Linux and Mac.
References
https://www.us-cert.gov/ncas/alerts/TA14-317A
Disclaimer
The information provided herein is on an "as is" basis, without warranty of any kind.