Apple has responded to the news of the Masque Attack threat targeting iPhone and iPad users by saying it isn't an issue at all, and that it hasn't found any reports of people falling victim to the security flaw.
Apple claims Masque Attack threat is all hype
In a statement to iMore, an Apple spokesperson said,
We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software. We're not aware of any customers that have actually been affected by this attack. We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company's secure website.
Masque Attack made the news earlier this week when the security firm FireEye outlined out attackers could potentially use an iOS Developer Enterprise Program account from Apple to target victim's iOS devices with apps that look as if their legit titles from the App Store, but include malicious payloads. Tricking victims into installing such an app involves several steps, including intentionally bypassing the built-in security measures in iOS 7.1 and higher.
Considering the steps needed to successfully compromise someone's iOS device via Masque Attack, the real security threat is the end user.
When The Mac Observer first wrote about Masque Attack, we noted that falling victim to the threat is highly unlikely, and that it isn't a big a concern for iPhone and iPad users as most of the media made it out to be. It looks like that's still the case, although practicing safe computing habits is still a good idea.
To avoid threats like Masque Attack, don't download and install any app on your iPhone or iPad outside of Apple's App Store. If you think you may have installed a malicious version of an app, just delete it and download a fresh version from the App Store. Also, don't visit websites you don't feel you can trust.