Apple has issued a statement regarding the recently publicized “Masque Attack” security flaw.
As discovered by researchers at the mobile security company FireEye, Masque Attack works by installing malware apps that masquerade as genuine apps through enterprise provisioning on iOS devices, whether jailbroken or not.
Given that consideration, Apple has commented on the issue with the advice that users download apps from trusted users only. However, it hasn’t received reports from users who have actually fallen victim to Masque Attack.
“We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software,” an Apple spokesperson said in a statement to iMore. “We’re not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company’s secure website.”
Additionally, Apple has posted a new support page providing several security guidelines to be followed by users when installing custom enterprise apps.
Last week, Apple responded to the previously discovered “WireLurker” malware targeting Mac and iOS device users in China, saying that it had blocked the infectious apps and also encouraging users to download apps from trusted sources only.