Apple blocks WireLurker malware apps from opening, but needs to do more, argues security researcher


Apple has now blocked the launching of Mac apps infected with WireLurker malware, after earlier revoking security certificates to prevent them being installed on new devices. WireLurker was capable of infecting non-jailbroken iOS devices when connected to a Mac running one of the compromised apps. Over 400 Mac apps in a third-party Chinese app store were affected.

In a written statement, an Apple spokesperson said:

We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching. As always, we recommend that users download and install software from trusted sources.

However, a security researcher says that it would be easy for other attackers to exploit the exact same weakness …

New iOS security exploit lets apps read users’ information by executing unsigned code

Security expert Charlie Miller has found a flaw in code signing on iOS devices (via Forbes) that allows developers to sneak malware apps onto the App Store without Apple’s detection. The malware can then be used to read users’ contacts, make the phone vibrate or sound a ringtone, steal users’ photos, and more whenever the developer chooses. Sketchy!

To shed more light on the exploit, Miller is giving a talk at the SyScan conference in Taiwan next week, but he does a good job in showing it off in the video above. Miller isn’t a novice to iOS and Mac security by any means. In 2008 Miller broke into the MacBook Air in two minutes through Safari and more.

Users would definitely be taken by surprise, seeing as we’re all pretty comfortable with how secure Apple keeps the App Store with the company’s review process. Sadly, it looks like any app could be used to harm users. For now, we suggest you keep away from lesser-known apps and developers until Apple issues a fix for the exploit.

Miller’s app has been removed from the App Store, and his developer account has been closed. At any rate, this was definitely a nice find.