Slashdot Mirror


Advertising Malware Affects Non-Jailbroken iOS Devices

An anonymous reader writes: Malware called YiSpecter is infecting iOS devices belonging to Chinese and Taiwanese users, and is the first piece of malware that successfully targets both jailbroken and non-jailbroken devices, Palo Alto Networks researchers warn. What's more, the techniques it uses for hiding are making it difficult to squash the infection. YiSpecter's malicious apps were signed with three iOS enterprise certificates issued by Apple so that they can be installed as enterprise apps on non-jailbroken iOS devices via in-house distribution. Through this kind of distribution, an iOS app can bypass Apple's strict code review procedures and can invoke iOS private APIs to perform sensitive operations.

4 of 69 comments

  1. Opening Ceremonies by eedwardsjr · Score: 2, Insightful

    Let the griping begin. Cue the fanboys from both sides.

  2. Revoke the certificate by sjbe · Score: 4, Insightful

    YiSpecter's malicious apps were signed with three iOS enterprise certificates issued by Apple so that they can be installed as enterprise apps on non-jailbroken iOS devices via in-house distribution.

    So Apple should revoke the certificate. Why is this a problem? What makes this newsworthy? What am I missing?

    It should surprise nobody that malware makers find security holes. Apple is no exception. But the entire point of certificates is that they can be revoked in the event there is a problem. Revoke the certificate which should then disable the app. If it doesn't work this way then something is wrong and the certificate is pointless.

  3. Re: Not really a flaw... by Anonymous Coward · Score: 1, Insightful

    The app was "signed" and it didn't matter. Malware leaked in. Apple's method of securing appspace for the enterprise failed.

  4. Jailbreak == security vulnerability by zarmanto · Score: 4, Insightful

    Every now and then, I read a comment from someone about how Apple must "hate" the jailbreakers, because they keep closing off the flaws which make jailbreaks possible. The reality -- as effectively demonstrated in this instance -- is that the flaws which allow jailbreaks also just happen to open your phone up to malware. Apple is far more concerned with what a malicious entity might do to their customer base through these flaws than with what the jailbreakers are doing to their own phones. Would that more people understood this.