US government posts iOS Masque Attack alert

The U.S. Government’s Computer Emergency Readiness Team (US-CERT) has posted an official alert regarding the iOS Masque Attack disclosed earlier this week. The notice summarizes the vulnerability, specifically noting that the vulnerability works “under a limited set of circumstances” and that “in order for the attack to succeed, a user must install an untrusted app, such as one delivered through a phishing link.” The bulletin goes on to reiterate the solutions provided by the original report: specifically that users should not install apps from sources other than Apple’s App Store or their own enterprise organization, should never click install from an app pop-up that appears on a web page, and if iOS shows an “Untrusted App Developer” alert, click on “Don’t Trust” and remove the app.