In Apple's first
statement since a vulnerability in its popular mobile devices was described by
security specialists, the company said Thursday that it was unaware of any user
actually being hacked through the "Masque Attack" technique.
"We designed OS
X and iOS with built-in security safeguards to help protect customers and warn
them before installing potentially malicious software,' an Apple spokesman said
in an emailed statement. "We're not aware of any customers that have actually
been affected by this attack."
On Monday,
researchers with Milpitas security firm FireEye described a path through which
hackers could take over a legitimately downloaded iOS mobile application and
potentially siphon personal information. The malicious software would be
delivered through an app downloaded from the Web, which Apple and FireEye
strongly warned against.
"We encourage
customers to only download from trusted sources like the App Store and to pay
attention to any warnings as they download apps," the Apple statement
read. "Enterprise users installing custom apps should install apps from
their company's secure website."
An approach similar
to the Masque Attack vulnerability was used in software found on a site
offering Mac applications in China that could attack iPhones and iPads as they
synced with Apple PCs. That vulnerability was disclosed last week by FireEye
rival Palo Alto Networks.
No comments:
Post a Comment