Palo Alto Networks researchers have revealed a new family of iOS malware, named “AceDeceiver”, that successfully infected non-jailbroken smartphones.
AceDeceiver installs itself without abusing enterprise certificates, as some iOS malware has done over the past two years; instead, it exploits design flaws in Apple’s DRM mechanism. Although Apple has removed AceDeceiver from the App Store, it may still spread thanks to a novel attack vector, the research shows.
AceDeceiver is a new example of how malware can infect non-jailbroken iOS devices.
“Deceiver is the first iOS malware we’ve seen that abuses certain design flaws in Apple’s DRM protection mechanism – namely FairPlay – to install malicious apps on iOS devices regardless of whether they are jailbroken,” researchers say. “This technique is called FairPlay Man-In-The-Middle (MITM) and has been used since 2013 to spread pirated iOS apps, but this is the first time we’ve seen it used to spread malware.”
AceDeceiver only affects users in mainland China.
Palo Alto Networks researchers have found that the new attack technique is more dangerous than previous ones for the following reasons:
A former business journalist, Razvan is passionate about supporting SMEs in building communities and exchanging knowledge on entrepreneurship.