‘Masque Attack II’ reportedly still bypasses Apple’s prompt for trusting apps

Near the end of 2014, security research firm FireEye found malicious software that it dubbed “Masque Attack,” which could fundamentally bypass the prompt issued by iOS to either trust or not trust some apps. Now, “Masque Attack II” is reportedly causing the same issues.

According to a blog post published by FireEye on February 18, what the company is calling “Masque Attack II,” or the second phase of Masque Attack, works in much the same way as the first phase did. That is, Masque Attack still abuses iOS developer certificates in an attempt to get people to install malware applications on their iPhone and iPad:

Masque Attack II includes bypassing iOS prompt for trust and iOS URL scheme hijacking. iOS 8.1.3 fixed the first part whereas the iOS URL scheme hijacking is still present.

However, it would appear that Apple already addressed this issue with the release of iOS 8.1.3, as noted by iMore. Apple stated that, in that build, it addressed the issue with improved code signature validation:

An issue existed in determining when to prompt for trust when first opening an enterprise-signed application. This issue was addressed through improved code signature validation.

Essentially, it seems that Apple has indeed provided the tools to protect users from this specific attack, but it’s up to the user to make sure not to trust untrusted apps. Initially, with the first reports of Masque Attack in 2014, Apple commented that they had not received any reports of users facing issues.

[via iMore; FireEye]