User profile for user: Star Traveler
Star Traveler Author
User level: Level 4
1,755 points

Don't Download Apps outside of the Apple Store!

Here is a warning for iPad users to NOT try to download apps from anywhere else ... other than the Apple App Store. Keep SAFE and stay within the Security Protocols that Apple has set up for your safety from people trying to steal data from you! If you "go off the reservation" it's going to be totally your fault!


http://www.reuters.com/article/2014/11/13/us-apple-cybersecurity-dhs-idUSKCN0IX2 9T20141113?feedType=RSS&feedName=technologyNews



U.S. Government Warns on bug in Apple's iOS Software



There was the potential for hacks using a newly identified technique known as the "Masque Attack," the government said in an online bulletin from the National Cybersecurity and Communications Integration Center and the U.S. Computer Emergency Readiness Teams.



The network security company, FireEye Inc (FEYE.O), disclosed the vulnerability behind the "Masque Attack" earlier this week, saying it had been exploited to launch a campaign dubbed "WireLurker" and that more attacks could follow.



Hackers could potentially steal login credentials, access sensitive data stored on iOS devices and remotely monitor activity on those devices, the government said.



Such attacks could be avoided if iPad and iPhone users only installed apps from Apple's App Store or from their own organizations, it said.



Users should not click "Install" from pop-ups when surfing the web. If iOS flashes a warning that says "Untrusted App Developer," users should click on "Don't Trust" and immediately uninstall the app, the bulletin said.

iPad (4th gen) Wi-Fi + Cellular, iOS 8

Posted on Nov 13, 2014 11:34 AM

Reply
8 replies
User profile for user: Star Traveler
Star Traveler Author
User level: Level 4
1,755 points

Nov 13, 2014 3:19 PM in response to bobseufert

bobseufert wrote:


As far as I know the only way to install non-Apple apps is to jailbreak or use an emulator, both of which can cause trouble on their own.


Things are changing ... it doesn't take jail breaking any more ...


http://www.csmonitor.com/Innovation/Tech/2014/1106/How-to-protect-your-iPhone-fr om-Wirelurker-the-first-iOS-malware-video


Though not a huge threat to Americans, Wirelurker is important to note because it is the first of its kind, according to Palo Alto Networks, and the vulnerabilities it exposed could pose a threat to other Apple devices. Wirelurker was able to get on phones that weren't jailbroken through a process known as enterprise provisioning, which is when a software uses an official identification to let third-party apps onto iOS devices. The IDs are normally reserved for large businesses to allow them to create apps without the hassle of being approved, but Wirelurker showed that it is possible to forge one.


"It is the first in-the-wild malware to install third-party applications on non-jailbroken iOS devices through enterprise provisioning," Claud Xiao, researcher at Palo Alto Networks, wrote on the company's site.

Reply
User profile for user: TheOrzage
TheOrzage
User level: Level 1
4 points

Nov 13, 2014 11:55 AM in response to Star Traveler

This is why Apple revokes Apple Enterprise certificates. If you do not feel safe about an app, don't do it. Most of the malware, viruses, etc apps Apple has revoked and there is no way to install them. It will say it can not be installed at this moment. So yes, it is safe to install 3rd party apps. But you always have to watch it. Apple revokes things that are not safe. So you shouldn't worry that much.


Source: my knowledge and I own an app that promotes to not hack the iOS system.

Reply
User profile for user: Star Traveler
Star Traveler Author
User level: Level 4
1,755 points

Nov 14, 2014 8:38 AM in response to Star Traveler

A followup from Apple ...

http://www.imore.com/apple-comments-masque-attack



Masque Attack — the abuse of Apple's iOS Enterprise Developer or standard developer systems to try and trick people into installing malware apps on their iPhones or iPads — made for sensational headlines earlier this week, despite it being a threat to relatively few users. In response to Masque Attack, Apple gave iMore the following statement:

"We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software," an Apple spokesperson told iMore. "We're not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company's secure website."

Reply
User profile for user: Star Traveler
Star Traveler Author
User level: Level 4
1,755 points

Nov 23, 2014 2:21 PM in response to jj6868

jj6868 wrote:


Does this explain why in the "Atari Greatest Hits". iPad app, in app purchases would try and redirect me to external sites with untrusted certificates? Why would Atari do this or has the app been compromised??


Anything in the Apple App Store that is found referring you to an outside "download site" for apps, would IMMEDIATELY BE DELETED from the App Store. If that is happening to you ... and you're being referred to an outside download site ... all you need to do is report it to Apple and that app is gone!

Reply

This thread has been closed by the system or the community team. You may vote for any posts you find helpful, or search the Community for additional answers.

Don't Download Apps outside of the Apple Store!

Welcome to Apple Support Community
A forum where Apple customers help each other with their products. Get started with your Apple Account.
Learn more Sign up