AceDeceiver: New iOS malware can infect any Apple device
A devastating iOS malware has been discovered today by PaloAlto researcher Claud Xiao; which has been dubbed as "AceDeceiver". AceDeceiver is the first of its kind because it doesn't require any enterprise certificates to install itself any iOS devices. This means regardless of the facts that your iOS device is non-jailbreak AceDeceiver malware can affect your iOS device.
The malware has exploited the flaws in Apple's digital rights management (DRM) protection mechanism FairPlay. This is the first incident when a FairPlay MITM technique has been used to spread malware. Previously we have seen only pirated iOS apps unfurl by using this technique. 'AceDeceiver' has raised many question on Apple's code review process.
So far the AceDeceiver has only infected iOS users of China. These attackers were using new techniques to bypass the Apple security codes. In a blog post published on PaloAlto; the reasons are mentioned which makes AceDeceiver more dangerous than any other iOS malware discovered before.
The malware has exploited the flaws in Apple's digital rights management (DRM) protection mechanism FairPlay. This is the first incident when a FairPlay MITM technique has been used to spread malware. Previously we have seen only pirated iOS apps unfurl by using this technique. 'AceDeceiver' has raised many question on Apple's code review process.
 |
| Source: PaloAltoNetworks |
So far the AceDeceiver has only infected iOS users of China. These attackers were using new techniques to bypass the Apple security codes. In a blog post published on PaloAlto; the reasons are mentioned which makes AceDeceiver more dangerous than any other iOS malware discovered before.
- It doesn’t require an enterprise certificate, hence this kind of malware is not under MDM solutions’ control, and its execution doesn’t need user’s confirmation of trusting anymore.
- It hasn’t been patched and even when it is, it’s likely the attack would still work on older versions of iOS systems.
- Although the effected apps are removed from App Store; but that doesn't mean the malware has gone away. Attackers do not need the malicious apps to be always available in App Store for them to spread – they only require the apps ever available in App Store once, and require the user to install the client to his or her PC.
- AceDeceiver doesn't require victim to install malicious app - instead it does that for them.
- The attack requires a user’s PC to be infected by malware first, after that, the infection of iOS devices is completed in the background without the user’s awareness.
There were three occasions when an app containing AceDeceiver malware has bypassed the Apple codes and landed in official App store. The first app was released in July last year - the second was released three months later, while the third one is released in January this year,
The only similarity between those three apps are - all of them are wallpaper apps. These apps are removed from app store last month; but the goals of attackers may well have been accomplished. And also showed many that it's not impossible to bypass the security codes of App store.
