It didn't scare me at all because I worked it out pretty quickly as being something that has very little to no likelihood of affecting me.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
'Masque Attack' Vulnerability Allows Malicious Third-Party iOS Apps to Masquerade as Legitimate Apps
- Thread starter MacRumors
- Start date
- Sort by reaction score
It didn't scare me at all because I worked it out pretty quickly as being something that has very little to no likelihood of affecting me.
Didn't take it personally, just commenting on it as there are probably many more who saw it for what it was and were unperturbed as I was.
Doesn't matter really thought. There will be enough people who hear about this if the news goes widespread and stress about it. Apple's PR team has been quite busy. I don't think this is a code red by any stretch, but again - I find it odd that some in this thread are implying there's little to no need for Apple to fix it.
That's what I've always figured, but folks keep saying that this is only an issue with enterprise provisioning.
Is there a way to check to see if I've been "infected"?
So, if /var/mobiledevice/provisioningprofiles is empty, are we in the clear? Or could the gremlins be lurking elsewhere? Or damage possibly already done and they've fled the scene?
I guess I shoud relax and just be careful what I install.
You could verify the existence of a provisioning profile. I don't think it can be removed/changed without another app being installed, so if there are none you should be safe.
Damage would be that one of your original app got trashed. Could try starting each one and see if they still work.
Though I wonder if they could just themselves into the normal startup process (then, your normal app would still work, you'd just be starting their process too...). If there is no profile, it doesn't matter anyway.
To be extra paranoiac you can simply erase apps and re-download them from iTunes.
You could also get everything from backup, but then you'd have to trust your backup
. BTW, there's a 99.9999% chance you haven't been hit you need to do nothing at all .
You're sure that it doesn't need a separate click? Since the profile install doesn't need user input if the certificate is OK, I guess it could get installed at the same and then you'd only need to click twice instead of 3 times.
I'd wait for someone to confirm that first.
But, as I said, it wouldn't matter much anyway, people would click anyway even if the profile had a big warning in bright red letters
Ideally, provisioning should probably be turned on by company IT on a phone by phone basis by putting a corporate certificate specific to the phone before being given to the user. A phone should only accept certificates from specific companies or not at all (disable provisioning).
----------
7 is almost like 8 from a user point of view, so not sure what you're talking about. Elon Musk is a gasbag who is one big bad decision from going bankrupt. Not sure I'd want that at Apple. As for tech, Tesla is much better at marketing itself than at tech...
"Almost liked", yeah, almost but with bugs/worse designs. And most importantly, bugs/design flaws that I couldn't believe it would happen in Apple. Let's point out a couple: 1. Multitasking Gestures fails from sleep on iPad Air 2 (not sure on others); 2. The mistaken shape of the "Delete Photo" dialog appears after clicking the trash can in Camera Roll; 3. Extra troublesome steps to delete photo/video without an option.
More? Google for it.