iOS malware ▪ November 7, 2014

wirelurker

Apple has now blocked the launching of Mac apps infected with WireLurker malware, after earlier revoking security certificates to prevent them being installed on new devices. WireLurker was capable of infecting non-jailbroken iOS devices when connected to a Mac running one of the compromised apps. Over 400 Mac apps in a third-party Chinese app store were affected.

In a written statement, an Apple spokesperson said:

We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching. As always, we recommend that users download and install software from trusted sources.

However, a security researcher says that it would be easy for other attackers to exploit the exact same weakness …  expand full story

iOS malware ▪ April 22, 2014

iOS malware ▪ August 20, 2013

iOS malware ▪ November 7, 2011

Security expert Charlie Miller has found a flaw in code signing on iOS devices (via Forbes) that allows developers to sneak malware apps onto the App Store without Apple’s detection. The malware can then be used to read user’s contacts, make the phone vibrate or sound a ringtone, steal user’s photos, and more whenever the developer chooses. Sketchy!

To shed more light on the exploit Miller is giving a talk at the SysCan conference in Taiwan next week, but he does a good job in showing it off in the video above. Miller isn’t a novice to iOS and Mac security by any means. In 2008 Miller broke into the MacBook Air in two minutes through Safari and more.

Users would definitely be taken by surprise, seeing as we’re all pretty comfortable with how secure Apple keeps the App Store with the company’s review process. Sadly, it looks like any app could be used to harm users. For now, we suggest you keep away from lesser-known apps and developers until Apple issues a fix for the exploit.

Miller’s app has been both removed from the App Store and his developer account has been closed. At any rate, this was definitely a nice find.

Submit a Tip

cancel

Submitting a tip constitutes permission to publish and syndicate. Please view our tips policy or see all contact options.

Powered by WordPress.com VIP