Apple acknowledges ‘Masque’ vulnerability

Apple late Thursday acknowledged a vulnerability in its mobile software that could enable hackers to replace a legitimate app with a malicious one.

The exploit, revealed earlier this week by FireEye, lets an attacker “update” an app with a custom-built version that could be used to steal a wide variety of information. Fortunately, the scope of the problem is limited since it requires a user to agree to install an app outside of Apple’s App Store – presumably through a link or other Web prompt.

Apple tells Yahoo Finance it is “not aware of any customers that have actually been affected by this attack,” adding that it encourages customers to “only download from trusted sources like the App Store and to pay attention to any warnings as they download apps.”

Still, an unsuspecting consumer could be tricked into clicking a nefarious link. In fact, the U.S. Computer Emergency Readiness Team, part of the Department of Homeland Security, issued an alert about the hole earlier Thursday.

An Apple spokesperson declined to comment on whether the world’s biggest tech firm plans on patching the vulnerability.

For more information on how to safely install enterprise apps that aren’t listed on the official Apple App Store, see this article posted to the company’s support page.