iPhones vulnerable to app-related security flaw, warn US officials

Watch for the 'Masque Attack'

iOS apps

The US Computer Emergency Readiness Team (CERT) has issued an alert to warn iOS users that they're vulnerable to a unique form of attack.

They call it the "Masque Attack," and it involves malicious users tricking you into installing harmful apps from outside Apple's App Store.

Devices with iOS versions 7 and up, including the latest releases, are vulnerable, CERT says.

The exploit reportedly works because iOS can't distinguish between authentic and counterfeit apps as long as the counterfeit has the correct "bundle identifier."

A simple solution

Apple issued a statement, though, with a simple solution: only download apps and app updates from "trusted sources."

"We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps," an Apple spokesperson said.

"Enterprise users installing custom apps should install apps from their company's secure website," the spokesperson added.

That's one source of potential trouble, if attackers are able to pose as corporate users' IT staff. But Apple and FireEye, the security firm that discovered the vulnerability, said there are no recorded instances of this actually being exploited.

Via Re/code

Article continues below