It’s long been thought that Macs and iPhones were invulnerable to malware, but a newly discovered vulnerability shows no system is completely safe. While Apple has tight control over its App Store, preventing malicious apps from being published, there are still other ways for your iPhone to get infected.
Security research firm Palo Alto Networks published a report on a new type of malware they call Wirelurker. It works by infecting a Mac with a piece of software obtained outside the official Mac App Store. The app waits until the user connects his or her iPhone to the computer, then injects randomly created malicious applications onto the device.
The most worrying thing about Wirelurker is that it works on non-jailbroken iPhones too. Jailbroken phones make security attacks easier, but that’s to be expected when you modify the software against Apple’s wishes.
Wirelurker works by faking its app signature, which is required to run on the iPhone. The attack takes advantage of an enterprise exception that allows organizations to install their own custom software onto iPhones. These signed IDs are usually difficult to obtain, only available to established companies, but Wirelurker is able to forge a signature.
For now, Wirelurker is contained to China and only a small number of devices have been infected. Palo Alto Networks estimates that “hundreds of thousands of users” in China have been impacted. However, subsequent attacks using Wirelurker could affect many more users. The loophole is hard for Apple to patch since enterprise customers require the ability to install their own apps.
Apple responded by blocking the identified apps, preventing them from launching. The company also urges users not to download software outside of its app stores for iPhone and Mac.
Palo Alto Networks recommends users install an antivirus on their Mac as well as checking that Allow apps downloaded from Mac App Store (or Mac App Store and identified developers) is checked in System Preferences. This ensures only approved software checked by Apple gets installed. On your iPhone, make sure you’re running the latest version of iOS, which includes up-to-date security. Last but not least, do not pair your iPhone with computers you don’t absolutely trust.
Source: Palo Alto Networks
Follow me on Twitter: @lewisleong