Masque Attack

Masque Attack is the name of an iOS vulnerability identified and named by computer security company FireEye in July 2014. FireEye privately informed Apple Inc. of the issue on July 26, 2014 and disclosed the vulnerability to the public on November 10, 2014 through a blog post on their website. The vulnerability is identified to exist on iOS 7.1.1, 7.1.2, 8.0, 8.1 and 8.1.1 beta, and on jailbroken and non-jailbroken iOS devices. The vulnerability consists of getting users to download and install apps that have been deceptively created with the same bundle identifier as an existing legitimate app. The deceptive app can then replace and pose as the legitimate app, as long as the app was not one pre-installed along with iOS (i.e., the default Apple apps) – and thus, the reason FireEye gave for naming the vulnerability "Masque Attack".

Once the deceptive app is installed, the malicious parties can access any data entered by the user, such as account credentials.

On November 13, 2014, the United States Computer Emergency Readiness Team (US-CERT, part of the Department of Homeland Security) released Alert bulletin TA14-317A, regarding the Masque Attack.

Apple stated on November 14 that they were not aware of any incidents in which one of their customers had been affected by the attack.