Researchers Find iOS Malware That Infects Non-Jailbroken Devices

An anonymous reader writes: Researchers at Palo Alto Networks are reporting about a new iOS malware that could infect non-jailbroken devices without a user's consent. Dubbed "AceDeceiver," the iOS malware exploits a flaw in Apple's DRM software. The researchers claim that the iOS malware could technically infect any type of iOS device, provided a user downloads a third-party app. From the blog post on Palo Alto Networks' website, "AceDeceiver is the first iOS malware we've seen that abuses certain design flaws in Apple's DRM protection mechanism -- namely FairPlay -- to install malicious apps on iOS devices regardless of whether they are jailbroken. This technique is called "FairPlay Man-In-The-Middle (MITM)" and has been used since 2013 to spread pirated iOS apps, but this is the first time we've seen it used to spread malware." The aforementioned malware required users to download a compromised Windows application. Apple has removed three offending apps from the App Store, and it appears that only users in China were targetted.

Re:Expected Outcome Should Be Expected

[macs4all]

"...the iOS malware exploits a flaw in Apple's DRM software"

O The Irony.

Trying to protect their profits creates a situation that will almost certainly cost them money.

Perhaps you have forgotten this, which clearly explains Apple's actual stance on DRM.

There wouldn't have BEEN a digital music market if Apple hadn't figured out a reasonable compromise on DRM.

And, if you recall, Apple DROPPED DRM from their Music files YEARS ago. FairPlay is just hanging around for the people who never updated their old DRM-ed music files.