The New iOS Security Hole Is Worth Paying Attention to, but Don't Panic

Once implemented an attacker can steal banking credentials, dig into email, and plenty more.

Don’t panic though, it’s pretty hard to actually pull off.

Essentially, a Masque Attack requires a dummy app to be downloaded and installed from a web site.

Inside that app is whatever malware the hacker wants to put in there, including keyloggers and whatever else.

A Masque Attack can do all types of nasty things.

The malware can steal these sensitive data.

Currently there is no MDM API to get the certificate information for each app.

Thus, it is difficult for MDM to detect such attacks.

Sounds freaky, right?

Masque requires a whole lot of things to work properly.

Finally, you should probably agree to download that app from an untrusted source.

If all those conditions are met, they’re in.

But that’s a pretty tall order for even the least tech-savvy amongst us.

Don’t download random apps from the internet and verify your friends and family don’t either.

Masque Attack: All Your iOS Apps Belong to Us| FireEye