Apple Partners Not Sounding The Alarm As New iOS Malware AceDeceiver Surfaces

Apple iPhones and iPads may be vulnerable to a new strain of malware, dubbed AceDeceiver, which can infect non-jailbroken devices, according to security firm Palo Alto Networks.

"As of this writing, it looks as though AceDeceiver only affects users in mainland China. The bigger issue, however, is that AceDeceiver is evidence of another relatively easy way for malware to infect non-jailbroken iOS devices," Palo Alto Networks stated in a blog post. "As a result, it's likely we'll see this start to affect more regions around the world, whether by these attackers or others who copy the attack technique."

The malware exploits certain design flaws in FairPlay, Apple’s digital rights management protection mechanism, to infect non-jailbroken devices without the user's knowledge. AceDeceiver, which has not yet been patched, automatically installs apps from the infected computer and does not require an enterprise certificate.

[Related: Head-To-Head: Samsung Galaxy S7 Vs. Apple iPhone 6s]

id
unit-1659132512259
type
Sponsored post

Michael Oh, chief technology officer and founder of Tech Superpowers, a Boston-based Apple partner, said he didn’t view AceDeceiver as an immediate threat to any of his customers.

"I'm not particularly alarmed [by AceDeceiver]," said Oh. "There seem to be a lot of 'ifs' that have to happen for this to get onto a device. Users need to be using iTunes, download particular applications, have their devices running on Windows."

While iPhone and iPad users may not need to worry about AceDeceiver, Oh and other Apple partners said that businesses should be constantly wary of security threats. "Everyone needs to be on their toes about security at this point," he said.

Malware has commonly installed pirated apps on iPhones through FairPlay in a technique termed FairPlay Man-In-The-Middle (MITM).

"AceDeceiver is the first iOS malware we’ve seen that abuses certain design flaws in Apple’s DRM protection mechanism -- namely FairPlay -- to install malicious apps on iOS devices regardless of whether they are jailbroken," said Palo Alto Networks in the blog post.

According to Santa Clara, Calif.-based Palo Alto Networks, from July 2015 to February 2016, three AceDeceiver apps were uploaded to the App Store, posing as wallpaper apps and allowing attackers to steal Apple IDs and passwords from victims. Apple has removed these three apps from the App Store as of February.

While AceDeceiver affects users only in China as of yet, Palo Alto Networks warned that other attackers would probably copy the Fairplay MITM technique, as the flaw hasn’t yet been patched.