Apple statement on Masque Attack iOS vulnerability: 'Not aware of any customers that have actually been affected' (Jeremy C. Owens/Mercury News)

Publié par bbfg556 on jeudi 13 novembre 2014 /

Techmeme

Apple statement on Masque Attack iOS vulnerability: 'Not aware of any customers that have actually been affected' (Jeremy C. Owens/Mercury News)

People look at the new iPad Mini 3 (L) and iPad Air 2 (R) on October 16, 2014 during an event unveiling the company’s new iPad line in Cupertino,

People look at the new iPad Mini 3 (L) and iPad Air 2 (R) on October 16, 2014 during an event unveiling the company's new iPad line in Cupertino, California. Apple released the new iPads and introduced updated operating software and announced that its new mobile payments system, Apple Pay, will launch on October 20. Apple, which popularized tablets with its iPad, remained the largest single global vendor in the second quarter but its market share fell to 26.9 percent from 33 percent in 2013. AFP PHOTO/GLENN CHAPMANGLENN CHAPMAN/AFP/Getty Images (GLENN CHAPMAN)

CUPERTINO -- In Apple's first statement since a vulnerability in its popular mobile devices was described by security specialists, the company said Thursday that it was unaware of any user actually being hacked through the "Masque Attack" technique.

"We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software,' an Apple spokesman said in an emailed statement. "We're not aware of any customers that have actually been affected by this attack."

In a blog post Monday, researchers with Milpitas security firm FireEye described a path through which hackers could take over a legitimately downloaded iOS mobile application and potentially siphon personal information. The malicious software would be delivered through an app downloaded from the Web, which Apple and FireEye strongly warned against.

"We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps," the Apple statement read. "Enterprise users installing custom apps should install apps from their company's secure website."

An approach similar to the Masque Attack vulnerability was used in software found on a site offering Mac applications in China that could attack iPhones and iPads as they synced with Apple PCs. That vulnerability was disclosed last week by FireEye rival Palo Alto Networks.

"Because all the existing standard protections or interfaces by Apple cannot prevent such an attack, we are asking Apple to provide more powerful interfaces to professional security vendors to protect enterprise users from these and other advanced attacks," the FireEye researchers wrote Monday.

Apple ended Thursday with its highest market capitalization on record, $663 billion, topping previous highs set in 2012.

Contact Jeremy C. Owens at 408-920-5876; follow him at Twitter.com/jowens510.




0 commentaires:

Enregistrer un commentaire