Could this be used as a workaround to installing jailbroken apps without actually jailbreaking the iPhone???
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
'Masque Attack' Vulnerability Allows Malicious Third-Party iOS Apps to Masquerade as Legitimate Apps
- Thread starter MacRumors
- Start date
- Sort by reaction score
I though it is impossible to install apps from non office app stores unless it is jailbreak with appsync to do so?
Yeah I'd already noticed the profiles list was gone on iOS 8I wonder why Apple removed this?? It certainly doesn't make it any more secure.
There is still a "device management" screen on iOS 8 that shows my company's restrictions. Perhaps this would show up there?
----------
Corporate apps customized for specific enterprises use side-loading so as not to require the App Store. I can enter in my timesheet, for example, through a custom app.
Enterprise.
still has you down load outside of App Store? If that's correct, most smart people will not have a problem at all.
Enterprise.
I think Apple App store would still have to approve update? But I would like to know answer for sure?
Everything should focus on normal practice. This is not a normal practice...just like Lurkworm last week...Researchers try to show the WAY that an operating system can be infected, the way that's irrelevant on how people use the device every day.
Are you suggesting that Apple shouldn't worry about this or do anything about it?
My point is pretty clear - while it's not some major widespread issue - it should be plugged up. Especially given Apple's reputation and PR around security.
It is absolutely "normal practice" to install custom apps outside of the app store in every big corporation in the world.
It's the side-loading that makes this so scary. Get a victim to any web page that serves up an App reference and provides an Install button and this could become messy very fast. Apple has made it too easy to install apps, bypassing the protected App Store channel.
The factor that just a bundle ID is used to identify and replace an installed app seems like a serious weakness to me. Why is iOS not verifying the *source host* of the app download? That seems like it would nip this problem in the bud.
The factor that just a bundle ID is used to identify and replace an installed app seems like a serious weakness to me. Why is iOS not verifying the *source host* of the app download? That seems like it would nip this problem in the bud.
Seems youd have to be pretty stupid to fall for all the things you'd need to fall for to make this work.
I'm the same way, learned my lesson years ago with Windows about side loading or links from emails etc..
Google Gmail, is anyone surprised its not secure at all?
Also, if I understand this correctly, the direct links be it email or SMS, still has you down load outside of App Store? If that's correct, most smart people will not have a problem at all.
They are using gmail as an example. They could use anything else.
Also, es it's outside of the app store, and you're aware every single company network make their user download apps outside of it right ?
No, Apple introduced "app awareness" into any website which triggers the regular download and install process. However, it seems to work from any source, not just from Apple's own store. That's the scary part here and needs to be fixed asap.
Well that is the problem, thanks to the hole outsiders can send fake updates of enterprise apps to employees and perform industrial espionage and more.
This is a huge problem and Apple is unable to fix this in almost half a year. Unbelievable.
I don't know. Historically (I believe) that even if it were - Apple wouldn't acknowledge it directly. Don't they usually just use a vague reference, ie "improves security" or something like that. They seem to have pretty standard/generic language.
You'd be amazed how many people do things like that to get access to emulators, dodgy movie downloads, etc - a quick search through these forums will reveal quite a few threads about how wonderful it is to be able to download a "free" movie app direct from a pretty sketchy website.
It's amazing how the lure of something for nothing can still catch people out in 2014...
No... I can think of several people in my circles that would fall for this, because it's leveraging *official* mechanisms for installing apps. Because any web page can make a reference to an app, prompting the user to install that app instead of using a website, users could very easily fall victim to this.
What seems to be the loophole here, which should be easy for Apple to fix, is that the malicious app must be coming from the hacker's servers, not from Apple servers. Since Apple has a policy of enforcing apps only from the App Store, it makes sense that the source be verified. That doesn't seem to be happening, which is scary and a big boo-boo on Apple's part.
Apple better reading this and take it serious to patch asap. This doesn't make any sense since such hacks can only happen in the jailbreak community but now it spread to non-jailbreak device as well. I just delete my gmail app right after reading this post.
More than you think - quite a few people download paid apps from third party app websites willingly themselves, especially since enterprise provisioning profiles allow the apps to be installed on any iDevice and doesn't therefore require a jailbreak.
It's an attractive thing to do for those who don't want to jailbreak their device but want to install paid apps or apps that are not available on the App Store. The downside is that it could sting you bad if you download from a dodgy source.
Most people are smart enough not to click on a dodgy sms link from an unknown person but there are also many who actively choose to download from third part websites.
The main point is that entrprise provisioning is being abused for malicious intent and many are unlocking a back door on their devices without them even knowing it. :|