Apple responds to Masque Attack concerns, says unaware of affected users

Comments

  • Reply 21 of 51
    relic wrote: »
    Hah, I think this is too funny. It's not just Apple, things like this are always blown out of proportion. I have never had a single virus or malware on any of my devices but if you believe some of these articles out there, like many on this board do, you would think that PC's and Android devices are all riddled with them. Simply not true, those that follow proper security should always be safe.

    Never had a single virus or malware - that you knew of (twiddles end of moustache).
  • Reply 22 of 51
    bc2009 wrote: »
    So if you purposely disable or bypass security measures so that you can install untrusted apps then you may be exposing yourself to untrusted apps? Who would have thunk it?

    In other news, if a complete stranger asks to borrow your iPhone for 24 hours and also asks that you provide them with your iPhone passcode and your iCloud password then it's possible that you may be exposing yourself to theft, hacking, identity theft, or a privacy invasion. Be on guard for this attack until Apple patches iOS.

    If you don't understand it and you want to defend or exaggerate that's up to you. In reality it requires less than one minute alone with your phone, iPad, or Mac.
    john galt wrote: »

    If you use iTunes, your computer has "seen" Amazon since AWS is one of the storage facilities hosting iTunes music. Another one you might see is Microsoft's data center services. As far as I know Apple has never used Google's cloud services.

    It's normal. Don't worry about it.

    Thank you for the reassurances. The reason I contacted Apple was because of Identityservicesd ==== [Warning] followed by quite a bit, and quite a few other reasons. My Console is lit up way too much for me. I plan to mention the other when they call me back. Again, I should mention that I have not seen anything like this before Yosemite. This computer has been in use, with iTunes, since 2012. As a Media Center only. I'm not an observer. I contributed to the bug reports in Yosemite. I'm not a beginner with computers.

    Thank you though, and God bless.
  • Reply 23 of 51
    rogifan Posts: 10,669 member
    bc2009 wrote: »
    So if you purposely disable or bypass security measures so that you can install untrusted apps then you may be exposing yourself to untrusted apps? Who would have thunk it?

    In other news, if a complete stranger asks to borrow your iPhone for 24 hours and also asks that you provide them with your iPhone passcode and your iCloud password then it's possible that you may be exposing yourself to theft, hacking, identity theft, or a privacy invasion. Be on guard for this attack until Apple patches iOS.

    I thought this "bug" was related to enterprise certificates where employees can install apps outside the AppStore. I know I've done it where I work. But I understand what I'm doing so I'd never install something questionable. One would hope that's the case with any company employees who are downloading custom apps on their iOS devices.
  • Reply 24 of 51
    gatorguy wrote: »
    No sir, jailbreaking is not necessary. AI linked an article where they discussed it.

    "choosing to "Trust" app installs that iOS identifies as being from an "Untrusted App Developer."" In other words, supposed enterprise apps, something not at all uncommon for users of iOS in business environments. Apple makes it very easy to do too. It doesn't mean that iOS users should be concerned, just aware.

    http://appleinsider.com/articles/14/11/10/wirelurker-masque-attack-malware-only-a-threat-for-users-who-disable-apples-ios-os-x-security

    Never thought I would agree with you. Yet I disagree at the same time. This is only the first (or close) report on how easy it is. People think for some reason that you need to have enterprise apps. You can make an "enterprise" app. Put it on a female USB drive and gain access to any iOS device in less than a minute with physical access. It's been sold for a good amount for years. Trust me on this.

    Basically, never put your device down near anyone for even less than a minute. It doesn't even look like it has been jail broken when you look at it.

    On Android you don't even need physical access, but that's beside the point. Haha

    God bless!
  • Reply 25 of 51
    Quote:
    Originally Posted by BC2009

    So if you purposely disable or bypass security measures so that you can install untrusted apps then you may be exposing yourself to untrusted apps? Who would have thunk it?

    In other news, if a complete stranger asks to borrow your iPhone for 24 hours and also asks that you provide them with your iPhone passcode and your iCloud password then it's possible that you may be exposing yourself to theft, hacking, identity theft, or a privacy invasion. Be on guard for this attack until Apple patches iOS.

    Apple is attacked on both ends.  If they make it too easy to install untrusted software and users run bad programs that steal their information, it's an OSX "vulnerability" and is Apple's fault.  If Apple locks down OSX more and makes it harder to be "infected" then their draconian walled garden is a terrible thing that is ruining the computing industry.  It's a no-win situation with critics.

     

    I think they have a good balance with OSX now.  It's an easy and smooth process to install trusted programs, yet still possible to install any app you want after some warnings.  That allows developers to make their own apps and distribute them how they want.  If Apple took the next step and actively prevented installing non-store software or made you manually modify system files, etc to do it, that would kill non-store apps and I wouldn't want to see that.

  • Reply 26 of 51
    rogifan wrote: »
    I thought this "bug" was related to enterprise certificates where employees can install apps outside the AppStore. I know I've done it where I work. But I understand what I'm doing so I'd never install something questionable. One would hope that's the case with any company employees who are downloading custom apps on their iOS devices.

    No, anything with an "enterprise certificate" can install and replace apps on your device. This is a three-year-old situation. Getting the pic now? I don't care at this point. I prefer it was more secure.

    I'll side with the hero here, Apple][. Jail breakers get the leftovers after everyone else made money by breaking in. They want it for free. Ever wonder why a jail broken device is slower than one that isn't?
  • Reply 27 of 51
    droidftw Posts: 1,009 member
    Quote:
    Originally Posted by amoradala

    Never had a single virus or malware - that you knew of (twiddles end of moustache).

    Probably not the best argument to come back with when the article is titled, "Apple responds to Masque Attack concerns, says unaware of affected users"

  • Reply 28 of 51

    Every month Microsoft patches a multitude of security exploits and it gets nary a mention but an iOS exploit that's caused by user (ill)-intent to bypass security controls causes tech pundit foaming at the mouth and a government bulletin.  

  • Reply 29 of 51
    markbyrn wrote: »
    Every month Microsoft patches a multitude of security exploits and it gets nary a mention but an iOS exploit that's caused by user (ill)-intent to bypass security controls causes tech pundit foaming at the mouth and a government bulletin.  

    Microsoft issues security updates a lot more than every (I read once per month) month. This is a long-standing problem that many have profited from for several years.

    One thing you can be assured of, when the government issues a bulletin, it's because one or more of them realized they were the victim. Speaking of the government, why is it exactly that you think you can take your phone number with you to another carrier? Because your friend was upset perhaps? Hmm?

    Edit: If you're too young to know that phone numbers used to be owned by the carriers, then I apologise.

    God bless!
  • Reply 30 of 51
    netrox Posts: 1,578 member
    When you get a dialog saying, "untrusted developer" isn't that enough to tell you that it's a security risk?
  • Reply 31 of 51
    All (or most) of the exploits are still there. The worst ones are the ones that can be done with a simple USB drive that jail breaks

    You are far too intelligent for this. The web hacks imply that you are willfully doing it, by yourself, with your own actions. This is simply a public way to show people how to hack into someone else's phone when they put it down (if they are showering or something).

    I can personally attest that an iPhone, iPad, or Mac can be hacked. Just search for something that will do it. If you have enough money you can buy the program where you only need to plug in a USB drive for a few seconds. It will be jail broken, linked and done in under a minute with physical access and you will not be able to see. I suppose if you are a loner (certainly not saying you are) it's not an issue however.

    God bless!

    The web hack implies that it can be accomplished via clicking on an innocent looking link disguised as anything. Masque Attack appears to require purposely downloading an app, an app that is outside the App Store, and agreeing to a specific provisioning profile. That latter seems a lot more specific, which sounds a lot harder for the blackhats to casually infect devices.

    I think we are supposed to follow the white rabbit.

    I don't understand pro-jailbreak community especially people becoming upset that Apple patches the vulnerabilities.

    Notably, Google Android considers the option to install malicious, rogue apps a feature. Which is it; a vulnerability or a feature or is this entirely dependent upon which system is in discussion?

    I'm pro-jailbreak. If there isn't someone not offered by OEM and you find a solution to make it your own then go right ahead. In that scope it's different than making a hot rod out of a 1934 Ford. I used to jailbreak but Apple now offers every feature I want (that is also found on Cydia). Except for buying Tom Tom I paid more money per app than I have on the App Store, which may be ironic, because I first tested Tom Tom, then a $50 App Store app for the US, by installing a cracked version to see if it was good enough to replace my stand-alone unit. It wasn't just as good, but much better so I bought the app. That was the only time I did that. Now I test an app by simply buying it and then getting a refund if I don't like it, (segueing...) which I think is horrible on Apple's part because they don't remove the app from the device when you do that. I don't understand why they don't let the developer set a trial period. I think a lot of people would test more apps if they could try them for free. Some savvy developers unlock full features with in-app payments but not all apps fit that mold.
  • Reply 32 of 51
    solipsismy wrote: »
    The web hack implies that it can be accomplished via clicking on an innocent looking link disguised as anything. Masque Attack appears to require purposely downloading an app, an app that is outside the App Store, and agreeing to a specific provisioning profile. That latter seems a lot more specific, which sounds a lot harder for the blackhats to casually infect devices.
    I'm pro-jailbreak. If there isn't someone not offered by OEM and you find a solution to make it your own then go right ahead. In that scope it's different than making a hot rod out of a 1934 Ford. I used to jailbreak but Apple now offers every feature I want (that is also found on Cydia). Except for buying Tom Tom I paid more money per app than I have on the App Store, which may be ironic, because I first tested Tom Tom, then a $50 App Store app for the US, by installing a cracked version to see if it was good enough to replace my stand-alone unit. It wasn't just as good, but much better so I bought the app. That was the only time I did that. Now I test an app by simply buying it and then getting a refund if I don't like it, (segueing...) which I think is horrible on Apple's part because they don't remove the app from the device when you do that. I don't understand why they don't let the developer set a trial period. I think a lot of people would test more apps if they could try them for free. Some savvy developers unlock full features with in-app payments but not all apps fit that mold.

    I disagree, which is fine and the way it should be. The web hack was only found by people who were looking for it. At the time they had to know they were doing it, search for it, research it, and do it correctly. Also, once they got it, do you think they really got it for free? Do you, as a sane person, think there was no money being made? That's leftovers. This enterprise exploit is where the money is.

    Ever wonder what your spouse is texting right next to you? Want to know what your daughter is doing? Who she's talking to? With this one program you can see all of the texts they are sending, and receiving! Want to know what they are looking up on the web? Would you like to know where your spouse or children are? For $1,050 you can! Do they use a computer or tablet? We offer a discount for the bundle!

    So far the enterprise exploit has been the quickest, longest, money making jail break so far. Some politician got burned and now it's an issue. I bet every politician has all of their messages showing up on multiple devices. Being pro "jail break" is different than having someone "jail break" your device on you. ...and it takes less than a minute.

    I don't think you understand how tempting it is to the unethical people out there.

    God bless!
  • Reply 33 of 51
    I disagree, which is fine and the way it should be. The web hack was only found by people who were looking for it. At the time they had to know they were doing it, search for it, research it, and do it correctly. Also, once they got it, do you think they really got it for free? Do you, as a sane person, think there was no money being made? That's leftovers. This enterprise exploit is where the money is.

    All hacks are presumably found by people looking for them (or at least aware of a chink in the armour when they come across it), but I don't believe that all hackers have nefarious purpose in mind. That is not to say they aren't looking to monetize their discovery. The one I referenced earlier is the old jailbreakme.com (Jailbreak Me 2.0). Very, very clever. They use multiple exploits that create a jailbreak that is so streamlined it's usually only found on TV crime dramas that try to tackle a story about computer hackers.


    Masque Attack, this is designed to be nefarious, not helpful, but because of the multiple, unlikely circumstances that have to be in place, unlike simply putting a hyperlink on a form disguised as something else, it's not something anyone should worry about. I'm more worried about a sentient comet getting pissed because we dumped Earth crap on it than I am of Masque Attack.


    PS: It occurs to me that we may be looking at the same elephant from different vantage points.
    PPS & OT: I had a dream last night where A Few Good Men was being remade with Luke Wilson as Tom Cruise's role but Wilson was doing all the courtroom scenes as Robin Williams. It was so odd that I just had to share.
  • Reply 34 of 51
    Quote:
    Originally Posted by SolipsismY

    Now I test an app by simply buying it and then getting a refund if I don't like it, (segueing...) which I think is horrible on Apple's part because they don't remove the app from the device when you do that. I don't understand why they don't let the developer set a trial period. I think a lot of people would test more apps if they could try them for free. Some savvy developers unlock full features with in-app payments but not all apps fit that mold.

    I would buy so many more apps if there were trials. So many more. Sometimes I end up taking leaps of faith (FTL being the most recent, it kicks my butt but it's fun) but not as many as I did in the early days of the App Store.

  • Reply 35 of 51
    solipsismy wrote: »
    All hacks are presumably found by people looking for them (or at least aware of a chink in the armour when they come across it), but I don't believe that all hackers have nefarious purpose in mind. That is not to say they aren't looking to monetize their discovery. The one I referenced earlier is the old jailbreakme.com (Jailbreak Me 2.0). Very, very clever. They use multiple exploits that create a jailbreak that is so streamlined it's usually only found on TV crime dramas that try to tackle a story about computer hackers.


    Masque Attack, this is designed to be nefarious, not helpful, but because of the multiple, unlikely circumstances that have to be in place, unlike simply putting a hyperlink on a form disguised as something else, it's not something anyone should worry about. I'm more worried about a sentient comet getting pissed because we dumped Earth crap on it than I am of Masque Attack.


    PS: It occurs to me that we may be looking at the same elephant from different vantage points.
    PPS & OT: I had a dream last night where A Few Good Men was being remade with Luke Wilson as Tom Cruise's role but Wilson was doing all the courtroom scenes as Robin Williams. It was so odd that I just had to share.

    What I don't think that you understand, with all due respect (and I do respect you), is that this is just the tip of an iceberg. Someone had (made) enough and bled the secret. That's all. There are several exploits left and more to find.

    Robin's soul had enough of this. However, when you threw the whole Wilson thing in there I was picturing a volleyball with a face on it speaking with Robin's voice doing a lot of the courtroom chat.

    God bless!
  • Reply 36 of 51
    onhka wrote: »

    Try G4Monster's tip

    P.S. Let us know if it works.

    I really truly appreciate your help. I had already found and tried that. Unfortunately I'm using Yosemite. That did seem like an odd work around, but perhaps it worked two years ago.


    Edit: Just to be clear, this isn't why Apple is calling me in a few hours. I asked here because there seems to be sooo many people that apparently know exactly how everything works so much better than I do. It was worth a shot to ask. They are calling me in a few hours on a security issue. Hopefully I get someone that knows something instead of the usual "try this, try this, try this. Hold a moment. O.k here's a specialist. Try this, try this, try this. Hold a moment..."

    My Console is on fire. I have 4000 messages per hour. For a computer that is used as a media center only, never seen an outside app except an airdropped little snitch it's odd.

    For the record, the computer seems to be working fine. However I certainly don't want to hear people blasting hackers that warn Apple though. So no one testing Yosemite tried it on a mini? Makes sense I suppose. I did want to buy a new mini, but they didn't release one this year that I want to buy.

    I don't expect concern. Heck when I made a fuss over it to people I'm close to all I got in response was "so can we watch Eagle Eye?" ...."yes"

    God Bless!
  • Reply 37 of 51
    Quote:
    Originally Posted by matrix07

    Huh, I had PCs and needed to wipe my HDD a few times because of viruses. Just because you didn't get it doesn't make it unreal. Ask Microsoft why they always provide security updates every couple of weeks if there's no such danger.

    Sheesh. I hate this revisionist. Just because Apple's system is significantly safer, now all security flaws in others' OS are all imaginary. Talk about head in the sand.




    Saying that "Apple system is significantly safer" is like saying an Abrams makes a significantly better attack vehicle than a Chevy Tahoe. While true, it doesn't really illustrate an accurate scale of the magnitude of the disparity. ;-)

  • Reply 38 of 51
    jbdragon Posts: 2,315 member
    djsherly wrote: »
    Apparently only 9 people have bent iphones too.

    Like no one knows more have been bent since that time. Is this the new fandroids thing to say? Single 1 item and run it into the ground like the whole rounded corners thing? Just flat out leaving everything else out.

    According to Consumer Reports, the HTC ONE M8 bends easier than the iPhone. Yet for some reason none of you care about that.
  • Reply 39 of 51

    I would buy so many more apps if there were trials. So many more. Sometimes I end up taking leaps of faith (FTL being the most recent, it kicks my butt but it's fun) but not as many as I did in the early days of the App Store.

    Unless it's the "real" apps that are $50 or so, what are you worried about? There are few good games because almost all rely on in app purchases. The apps literally killed themselves. It will die out soon because of the business model. There is nothing wrong with offering up an awesome app and expecting payment for it.

    Every time I or a family member look at them, it's "oh, it's free? Can't be that good"
  • Reply 40 of 51
    jbdragon wrote: »
    Oh look another clueless moron. Are you really this dumb? Throwing that crap out of something Apple said weeks ago. Like no one knows more have been bent since that time. Is this the new fandroids thing to say? Single 1 item and run it into the ground like the whole rounded corners thing? Just flat out leaving everything else out.

    According to Consumer Reports, the HTC ONE M8 bends easier than the iPhone. Yet for some reason none of you care about that.

    They're bending. Living in denial doesn't make it go away.

    Edit: they get mis-formed. Is that better?