Do people realize calling users stupid for falling for this are insulting their parents and grandparents?
So the message came from their company telling them to go download Flappy Bird? I would like to work at that place. Sounds like fun!An SMS or something else. It wouldn't be too hard, if you targeted someone specific, to send a well-made email to that person showing his friend, boss, ... address or something, or even hide behind an address like it@company.com requesting all users to update an app.
A "huge" vulnerability doesn't mean it can affect absolutely everyone.
Which is how a few app in the business world are installed, like from private app stores. and this isn't being stupid, this is doing what your company request you to do
Clearly that is just an example to demonstrate it all, as it can basically be done with any third party app, as the article mentions.
Did you only watch the video and not read the accompanying article? It clearly states Gmail was used as an example of of apps that can be duplicated. As in, outside of Apple's native apps, all other app store apps can be masqueraded.
Bolded: wrong.
Just like phishing and scams can be spotted from a mile away, except for those who actually fall for them since we all know there are unfortunately enough of those. And clearly things are put in place to deal with things of that nature as best as can be.You don't get my point, yes it can be done to any third party app, but you would need to have a malicious modified app to take its place. I doubt that there are that many malicious app that you could not spot with one eye closed from a mile away....
----------
I wrote the article, but find it hard to believe that the is a large number of masqueraded apps out there. Next to this the video is just stupid, because instead of flappy bird you get Gmail and nobody notices anything? I think it takes some serious programming to have multiple apps to behave in such a way that a users is unaware of its malicious nature. Usually, the 'good' apps already have sufficient bugs. I am not taking this too serious as you might have noticed: a storm in a glass of water.
Yup, that's really all it comes down to. All that extraneous discussions about people being stupid or needing to be careful still don't address the actual issue that is there which requires an actual software and/or policy fix from Apple.Also - by doing so, are they suggesting that Apple shouldn't fix the issue?
Because from the posts of some, that's how it sounds. No big deal - move along.
Big deal or not - if a flaw is found in security, it should be fixed. Pretty much end of story.
Also - by doing so, are they suggesting that Apple shouldn't fix the issue?
Because from the posts of some, that's how it sounds. No big deal - move along.
Big deal or not - if a flaw is found in security, it should be fixed. Pretty much end of story.
Enterprise.
Enterprise.
Unfortunately the automatic redirects to the App Store can still happen even in iOS 8 (where that was supposed to have been addressed).This needs to be fixed (completely). In iOS 7 a web page could automatically redirect you to the App Store to look at an app. I never installed an app when confronted with this behavior, but I did somehow install Where's my Water a few times. I always wondered, what if this was actually a fake App store. Would/should the install succeed. In iO8 this is no longer possible.
Apple needs to fix this other hole by disabling this Enterprise feature by default.
Bye, bye malware and virus free Apple world. What the haters have now against Windows, the beloved "intuitive UI" or that "it just works" ? It does not.
Technically this isn't really a virus either. And realistically no actual OS is exploit free, just those that haven't really had many exploits discovered or actually used for something.Now ChromeOS can tout itself as the only virus free OS.
Now ChromeOS can tout itself as the only virus free OS.
I also wanted to discuss the issue with this particular exploit. We've all been focused on the capability of installing an app, outside the AppStore and, a little, on how it can replace an AppStore app, stealing it's sandboxed data. But the point that's missed, is when you maliciously deploy the payload this way, replacing an existing app, it doesn't give you the second, untrusted developer warning. So you click the link, it asks if you want to Cancel or Install, you choose Install and, because it's "updating" an existing trusted app, is allowed to run, without being explicitly trusted. Do I have this right? That's what it looks like on the video.
Hello Android Problems, Welcome to Apple Land.
riight. it just magically installed itself. after you did something.
Except this has nothing to do with jailbreaking. Because you don't need a jailbroken device for this flaw in security to be taken advantage of.
Regardless - are you suggesting that Apple shouldn't figure a way to close this loop? This flagged issue should go unsolved?
Personally I disagree
Samcraig, I did not suggest that Apple should not figure out a way to close this loop, I merely pointed out that this threat is not as high as people wanted to make it be. Practically, the threat is relatively low. You'll need an extremely bad luck to get hit by this. Someone not only need the privileges to install an untrusted app over the web, but your explicit permission as well. Apple can also disable enterprise apps by revoking certificates. Just stick to downloading from the App Store, people will be fine.
Samcraig, I did not suggest that Apple should not figure out a way to close this loop, I merely pointed out that this threat is not as high as people wanted to make it be. Practically, the threat is relatively low. You'll need an extremely bad luck to get hit by this. Someone not only need the privileges to install an untrusted app over the web, but your explicit permission as well. Apple can also disable enterprise apps by revoking certificates. Just stick to downloading from the App Store, people will be fine.
Why people are continuing to argue over who is vulnerable, and why a person might be stupid to have this happen to them are immaterial.