Beware Apple iOS attacks using ‘Masque Attack’ techniques from uncertified apps

Researchers have discovered a technique that may enable attackers to substitute malware for a legitimate app on Apple iOS devices such as iPhones and iPads.

Although the risk of being subjected to a Masque Attack is low, it is another reminder not to download pirated apps or software from untrusted sources. It is also a reminder that Apple products are increasingly being targeted by attackers.

As many people believe you cannot get a virus/trojans/malware on Apple devices (more so on OSX), this is not true and Apple devices, due to their numbers, will and currently are being targeted. Sterling IT use and recommend Webroot and/or Trend Micro Antivirus to protect Apple Mac.

About Masque Attack

A Masque Attack can occur if a user downloads an app from a rogue source such as a link embedded in a phishing email or from an unofficial app site hosting fake ‘uncertified’ apps.

The Masque Attack takes advantage of a weakness in iOS security which can enable malware to be installed.

If a malicious app can be crafted to use the same ‘bundle identifier’ (an ID Apple uses to identify individual apps) as a legitimate app on your phone, Apple will not check its security certificate. It means that a malicious app can replace a legitimate app on your device.

A criminal using the Masque Attack technique will typically disguise their malware as a popular game or program for you to install. Only install via the APP STORE via your device.

Once installed it may be able to steal information from your device such as passwords or internet banking details and send them to a remote server controlled by criminals. Possible impacts include the malware being able to steal logon credentials; access sensitive data; avoid detection and steal Apple IDs and passwords.

Staying safe

  1. Do not download software or apps from untrusted sources. Sticking with Apple’s AppStore helps protect against downloading malicious software
  2. Do not click ‘install’ from pop ups when viewing a web page. Even if it tells you , that you have a virus. Most of these are traps.
    Sterling IT has posted MANY emails recently with relation to this and unfortunately we are still getting clients infected, even with prior warning.
  3. If your iOS device shows an ‘Untrusted App Developer’ alert when you open an app, click on ‘Don’t Trust’ and uninstall the app immediately.
  4. Use security software for all your computer and mobile devices.
  5. Keep your system up-to-date by downloading software updates as they are released.
  6. Do not connect or ‘pair’ your device with untrusted computers.

For FREE advice or any questions regards to this, please contact Sterling IT. You are better asking as prevention is better than cure!!


How to Block Porn on iOS 7 for iPhone, iPad & iPod Touch – Adult Filter

Business’, Parents and users looking to block porn on the iPhone and iPad should be first in line to update to iOS 7.

Apple includes enhanced parental controls on iOS 7 including an iPad and iPhone porn block feature that can restrict the ability of users to access websites with adult material.

Like any internet filter, this iPhone porn block feature isn’t going to be perfect, but in our tests the iOS 7 porn filter did a good job of preventing access to questionable websites.

This is a free feature in iOS 7 and it is at the system level so it can block porn and other adult themed websites throughout the device without requiring the user to use a specific browser.

The iPhone porn block feature is new in iOS 7.

The iPhone porn block feature is new in iOS 7.

In our testing, the iPhone porn block mode even carries over to Google Chrome on the iPhone, so kids and users can’t just download a new browser to get around this.

First off you will need to update to iOS 7 to use the Adult Web Filtering feature. This is a new feature in iOS 7, and it is a free update.

When you have iOS 7 installed the following steps will get you to the point where you can block adult material on the iPhone and iPad.

Settings -> General -> Enable Restrictions -> Websites -> Limit Adult Content

This will prompt you to enter a pass code, and you should make it one that is different from the user’s unlock code, or they can turn it on and off at will. When prompted create a secret code that the user will not know.

Parental controls in iOS 7 let users block porn on the iPhone, iPad and iPod touch.

Parental controls in iOS 7 let users block porn on the iPhone, iPad and iPod touch.

To turn off the iPhone porn blocking feature in iOS 7, enter the pass code and turn restrictions off. If the pass code is locked you may need to reset the iPhone, iPad or iPod touch.

Because no Internet filter is perfect, the parent or administrator can manually block and allow certain websites always. Enter these in the settings menu, or enter the pass code when browsing to add an attempted address to the list.

Thank you: Source

iOS 6.1: Excess Exchange activity after accepting an exception to recurring calendar event Products Affected iPad, iPhone


When you respond to an exception to a recurring calendar event with a Microsoft Exchange account on a device running iOS 6.1, the device may begin to generate excessive communication with Microsoft Exchange Server. You may notice increased network activity or reduced battery life on the iOS device. This extra network activity will be shown in the logs on Exchange Server and it may lead to the server blocking the iOS device. This can occur with iOS 6.1 and Microsoft Exchange 2010 SP1 or later, or Microsoft Exchange Online (Office365).

* An exception is a change to a single instance of a repeating calendar event.


Apple has identified a fix and will make it available in an upcoming software update. In the meantime, you can avoid this bug by not responding to an exception to a recurring event on your iOS device. If you do experience the symptoms described above, disable then reenable the Exchange calendar on your iOS device using the steps below.

  1. Go to Settings > Mail, Contacts, Calendars
  2. Select the Exchange account from your Accounts list.
  3. Turn the switch for Calendars to OFF.
  4. Wait ten seconds.
  5. Turn the switch for Calendars back to ON.