Just recently, two severe vulnerabilities in Qualcomm Snapdragon chip and Stagefright were spotted on the Android platform, affecting more than a Billion and Millions of devices respectively.
And now:
Hackers have discovered a new way to install malicious apps onto your iPhone without your interaction.
Researchers at Palo Alto Networks have uncovered a new strain of malware that can infect Non-Jailbroken (factory-configured) iPhones and iPads without the owner's knowledge or interaction, leaving hundreds of millions of Apple iOS devices at risk.
Dubbed AceDeceiver, the iPhone malware installs itself on iOS devices without enterprise certificates and exploits designing flaws in Apple's digital rights management (DRM) protection mechanism called FairPlay.
What's more concerning about this malware:
Unlike most iOS malware, AceDeceiver works on factory-configured (non-jailbroken) iOS devices as well.
FairPlay is an Apple's software program that prevents people from stealing purchased apps from its official App Store.
However, with the help of AceDeceiver's "FairPlay Man-in-the-Middle (MITM) technique," hackers can install malicious apps on your iPhone even without your knowledge, simultaneously bypassing Apple's other security defenses.
According to researchers, the FairPlay Man-In-The-Middle (MITM) technique has been in use since 2013, as a way to distribute pirated iOS apps.
"In the FairPlay MITM attack, attackers purchase an app from App Store then intercept and save the authorization code," Claud Xiao from Palo Alto Networks explains in a blog post. "They then developed PC software that simulates the iTunes client behaviors, and tricks iOS devices to believe the app was purchased by the victim."
However, this is the first time the FairPlay technique has been used to spread malware on iOS devices, as the creator of the pirated software can install potentially malicious apps without your knowledge.
Currently, the malicious behaviors related to AceDeceiver has been spotted in China, but researchers warn that the malware could be easily configured to target iPhone users of other geographic regions as well.
For more details, you can head on to Palo Alto Networks' blog post about the AceDeceiver threat.
