Apple says no customers have been affected by "Masque Attack"

Earlier this week, security researchers at FireEye disclosed a new iOS vulnerability dubbed "Masque Attack." The attack works when users download, from outside the App Store or their company's provisioning system, what appears to be an updated version of an app they already have.

In July 2014, FireEye mobile security researchers discovered that an iOS app installed using enterprise/ad-hoc provisioning could replace another genuine app installed through the App Store, as long as both apps used the same bundle identifier. This in-house app may display an arbitrary title (like "New Flappy Bird") that lures the user to install it, but the app can replace another genuine app after installation.
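The collision described above can be checked before an in-house package is distributed. The following is an added example, not code from FireEye, Apple or the original article: it reads the bundle identifier and title from an IPA's `Info.plist` and flags a package whose identifier matches an App Store app already in inventory. The inventory, bundle IDs and helper names are hypothetical, and the sample IPAs are constructed inline.

```python
import io
import plistlib
import zipfile

# Hypothetical inventory: bundle IDs of App Store apps on managed devices,
# mapped to the display name recorded for them (constructed sample data).
APP_STORE_INVENTORY = {
    "com.example.mail": "Example Mail",
    "com.example.bank": "Example Bank",
}

def read_ipa_info(ipa_bytes):
    """Return (bundle_id, title) from Payload/<name>.app/Info.plist in an IPA."""
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        for name in ipa.namelist():
            parts = name.split("/")
            if (len(parts) == 3 and parts[0] == "Payload"
                    and parts[1].endswith(".app") and parts[2] == "Info.plist"):
                info = plistlib.loads(ipa.read(name))
                title = info.get("CFBundleDisplayName") or info.get("CFBundleName", "")
                return info["CFBundleIdentifier"], title
    raise ValueError("no top-level Info.plist found in IPA")

def check_in_house_ipa(ipa_bytes, inventory=APP_STORE_INVENTORY):
    """Flag an enterprise/ad-hoc IPA whose bundle ID collides with an App Store app."""
    bundle_id, title = read_ipa_info(ipa_bytes)
    if bundle_id not in inventory:
        return {"bundle_id": bundle_id, "title": title, "verdict": "ok"}
    # Same identifier as a genuine app: installing it would replace that app,
    # whatever title the package shows to the user.
    verdict = "collision-title-mismatch" if title != inventory[bundle_id] else "collision"
    return {"bundle_id": bundle_id, "title": title, "verdict": verdict,
            "replaces": inventory[bundle_id]}

def make_sample_ipa(bundle_id, title):
    """Build a minimal constructed IPA (zip holding only an Info.plist) for the demo."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as z:
        z.writestr("Payload/Sample.app/Info.plist",
                   plistlib.dumps({"CFBundleIdentifier": bundle_id,
                                   "CFBundleDisplayName": title}))
    return buf.getvalue()

if __name__ == "__main__":
    for bid, title in [("com.example.mail", "New Flappy Bird"),
                       ("com.corp.timesheet", "Timesheet")]:
        print(check_in_house_ipa(make_sample_ipa(bid, title)))
```

A title that differs from the inventoried name while the identifier matches is the pattern the researchers describe; a matching title with a matching identifier still warrants review, since the package would replace the App Store copy.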

Yesterday, Apple issued a statement to iMore indicating that it's not aware of any users having fallen prey to Masque Attack.

"We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software. We're not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company's secure website."

Interestingly enough, the US Government issued an alert about the dangers of Masque Attack yesterday.
