The attack assume jumping one fairly substantial hurdle and that is you
must jailbreak your phone to install apps that don't come from the Apple
app store. I don't know what percent of people actually do this but I
suspect it's small, which makes the attack surface small and the injury
somewhat self-inflicted. Part of the reason the Android ecosystem is so
full of spyware and such is you can install apps from anywhere you
please without vetting by anybody. Sooner or later something gets in
that way. For me, while there are some interesting non-approved iOS apps
out there that even seem legit, who is to say that somebody else didn't
mess with it and add a payload of viruses? No thanks. I'll stick to the
legit store and avoid all that.
CB
On 11/14/14, 12:18 AM, Sabahattin Gucukoglu wrote:
An attack on iOS app validation means that it's possible to be tricked into
replacing a legitimate app with an illegitimate one which looks legitimate.
Furthermore, the illegitimate app has access to data of the app it replaced.
Full details here:
http://www.fireeye.com/blog/technical/cyber-exploits/2014/11/masque-attack-all-your-ios-apps-belong-to-us.html
Don't install iOS apps from anywhere other than the App Store, and never
respond to a prompt requesting installation from a web page or somewhere else.
If you are warned that an app is untrusted when you launch it, delete it
immediately.
--
¯\_(ツ)_/¯
--
You received this message because you are subscribed to the Google Groups
"MacVisionaries" group.
To unsubscribe from this group and stop receiving emails from it, send an email
to [email protected].
To post to this group, send email to [email protected].
Visit this group at http://groups.google.com/group/macvisionaries.
For more options, visit https://groups.google.com/d/optout.
