Apple has dismissed claims that a new breed of malware, known as Masque, is affecting iPhone and iPad owners. The threat comes just one week after the so-called Wirelurker malware was uncovered.
The threat was uncovered by FireEye earlier this week and the US Computer Emergency Readiness Team (CERT) has issued a warning about the malware, urging device owners to avoid untrusted apps and websites.
However, Apple said in a statement that it was not aware that any customers have been affected by Masque.
"We designed OS X and iOS with built-in security safeguards to help protect customers and warn them before installing potentially malicious software. We’re not aware of any customers that have actually been affected by this attack,” it said.
Apple did issue similar warnings to the US CERT team, though, by advising iPhone and iPad owners to be aware of the security risks posed by untrusted sites.
“We encourage customers to only download from trusted sources like the App Store and to pay attention to any warnings as they download apps. Enterprise users installing custom apps should install apps from their company’s secure website,” the firm said.
FireEye described Masque as a significant threat that exploits a flaw in the operating system's 'bundle identifier' for downloaded apps.
FireEye said in a Masque blog post: "In July 2014, FireEye mobile security researchers discovered that an iOS app installed using enterprise/ad hoc provisioning could replace another genuine app installed through the App Store, as long as both apps used the same bundle identifier."
The security firm added that the vulnerability exists on iOS 7.1.1 through to 8.1.1 beta, and that anything other than pre-installed apps are vulnerable.
"All apps can be replaced except iOS pre-installed apps, such as Mobile Safari. This vulnerability exists because iOS doesn't enforce matching certificates for apps with the same bundle identifier.
"An attacker can leverage this vulnerability through wireless networks and USB."
The US CERT Apple iOS Masque malware alert recommended Apple iOS users to stick to trusted application download sites and trusted computers, and pay attention to pop-up warnings saying that an app may be untrusted.
The security community as a whole has called on Apple to investigate the threat.
Deepen Desai, head of security research at Zscaler, said: "Users will always be susceptible to social engineering tactics luring them into installing an app from an untrusted source.
"Apple needs to fix the loophole that exists in the support for enterprise provisioning profiles which allows an attacker to completely bypass iOS security checks and install a malicious app on the iOS device."
Zscaler also urged iOS users not to plug mobile devices into untrusted computers as the malware can be transmitted via USB.
Neil Martin of Panda Security discusses Epic Games' decision to avoid the Google Play Store in its Android release of its popular game Fortnite
Musk went public on privatisation plan "because I felt it was the right and fair thing to do so"
Intel's 9th generation Core CPUs will be released on 1 October along with Z390 motherboards
Short-sellers burnt by Musk's "false and misleading" tweets the first to file suit