WireLurker, Masque Attack malware only a threat for users who disable Apple's iOS, OS X security

Apple Insider

[Swordmaker]

WireLurker, Masque Attack malware only a threat for users who disable Apple's iOS, OS X security

Feature By Daniel Eran DilgerDespite headlines fretting of a "new era in OS X and iOS malware," Apple's security systems for iOS and OS X are working as intended to protect users from exposure to the ubiquitous malware affecting open platforms including Android and Windows. Here's the realistic, non-sensationalized facts about how safe Apple's users actually are and how users can remain protected from threats that arise.

Mac and iOS users are protected from viruses and malware by default unless the user bypasses their security systems, by jailbreaking an iOS device; by disabling the protections of Mac OS X's GateKeeper; or by choosing to "Trust" app installs that iOS identifies as being from an "Untrusted App Developer." Here's how those systems work, and how users can avoid being tricked into turning off their own security.

Mac and iOS users who do not defeat Apple's security systems are not at risk

"WireLurker," a recent trojan horse attack detailed by Palo Alto Networks, was blocked in all forms—even on Macs with key security features disabled—by Apple within hours.

"We are aware of malicious software available from a download site aimed at users in China, and we've blocked the identified apps to prevent them from launching," Apple wrote in a statement last week.

Apple has previously used XProtect to remotely disabled user-installed Mac malware ("trojan horses," like the Russian Yontoo blocked last year) or software components with serious potential security vulnerabilities (such as Oracle Java), nipping problems in the bud before they could develop into an unmanageable security problem.

XProtect is so effective that the last significant malware issue for Macs (named Flashback) was a trojan horse masquerading as Adobe Flash Player that was specifically intended to disable XProtect (although the malware couldn't actually do this).WireLurker and Masque Attack aren't viral and can't infect users unless they intentionally disable their security and manually install apps bypassing Apple's builtin trust verification systems for iOS and Macs.

Masque Attack, a related exploit that shares one of the vulnerability vectors exploited by WireLurker, similarly requires users to "Trust" a request to install software from an unknown source, a step that Apple has now made effortlessly easy. Fortunately, users who inadvertently trust such apps from Untrusted Developers can review their iOS Provisioning Profiles to disable any self-signed certificates they have already approved.

WireLurker and Masque Attack are not viral and can't infect users unless they intentionally disable their security and manually install apps bypassing Apple's builtin trust verification systems for iOS and Macs.

No need to be terrified in ignorance

That hasn't stopped sensational blogs from confusing users about how safe they actually are. Chris Smith, writing for BGR, spent paragraphs trying to convince readers that a minor distribution of Chinese malware "should terrify you," even though the identified malware has been circulating for months in China without actually delivering a real payload of malware outside of the wide open world of jailbroken devices.

Mac and iOS users have no need to be "terrified," but should understand in general terms how Apple's security systems work so they can't be fooled into installing malware. This is becoming a more complex issue because Apple now makes it easier than ever to bypass security on iOS, although it still requires an explicit "Trust" approval from the user.

Ironically, just two years ago the Electronic Frontier Foundation was demonizing the on-by-default security of iOS and OS X as "Apple's Crystal Prison" and an "elaborate misdirection," and called upon the company to provide a "simple, documented, and reliable way to drill into a settings menu, unlatch the gate of the crystal prison, and leave."

WireLurker, Masque Attack require users to "unlatch the gate of the crystal prison and leave"

WireLurker is unique in that it first attempted to fool Mac users into installing the malware. Once a user disables the Mac's security and manually installs a WireLurker-bearing third party Mac app, the app could seek to install malicious code on a USB-attached iOS device that has been jailbroken, or it could attempt to copy malware to a non-jailbroken iOS device using enterprise app deployment tools, the same vector that Masque Attack uses.

WireLurker is not currently a real threat because Apple immediately blocked it from running on the Mac using XProtect, and revoked the enterprise credentials that allowed it to move from Macs to a connected iOS device. Apple's security measures are working as intended, but users can still be tricked into installing software using the mechanisms Apple created to allow corporate users to develop and install their own custom apps outside of the App Store.

Here's an overview of Apple's OS X and iOS security systems and how they work.

How Apple's Mac XProtect works

Apple's XProtect subsystem of OS X is configured to deploy a blacklist of known malware definitions to Mac users within hours of malicious software being discovered. Macs automatically check for new malware definitions every day, and immediately begin blocking any new threats Apple identifies.

XProtect works like a very simple antivirus scanner—which is all Macs need because Apple has secondary systems that work to prevent malicious code from being installed in the first place. These are measures that have been proven to work—as long as users don't turn them off.

First introduced back in 2009—five years ago—for OS X 10.6 Snow Leopard, Apple's XProtect system is always on. Unlike more complex antivirus scanning tools designed for Windows, Apple's XProtect system for Macs doesn't consume significant memory or CPU resources because it isn't constantly scanning through every file and email on the system looking for bad code.

XProtect doesn't need to; unlike Android or Windows, the Mac platform is not under relentless attack from viruses and spyware. When a rare new exploit appears for Macs (or iOS), the discovery is actually considered big news. These attacks are not just rare, but also quite easy to prevent and fix, due to a series of security-first decisions built into Macs and iOS devices.

Apple has incrementally improved its security on iOS and has brought security features pioneered on iOS to its OS X Mac platform, deploying barriers that limit what apps can run, what data they can access and what privileges they can assume. With these protections in place, Apple's users don't have to be (or hire) computer science experts to avoid exposure to malware, spyware and adware problems.

How iOS app signing and OS X GateKeeper work

While XProtect disables malware a Mac user has manually installed, GateKeeper prevents users from installing apps from unsafe sources to start with. GateKeeper, introduced in 2012 for OS X 10.8 Mountain Lion, effectively brought iOS-style secure app signing to the desktop PC.

Many in the tech community have expressed outrage over Apple's tightening security rules. After GateKeeper was unveiled, Ellis Hamburger wrote the article "Sandbox of frustration: Apple's walled garden closes in on Mac developers," for The Verge, stating that "developers lashed out at Apple for its new rules when Mountain Lion was announced back in February, in part because of how much effort might go into re-architecting their apps."

A few months later, David Streitfeld similarly wrote for the New York Times that Apple's ability to dictate rules governing the iOS App Store "might be detrimental for the Internet as a whole."

Apple's mobile iOS was designed from the start to prevent the installation of "unsigned" third party software. When Apple opened the iOS App Store in 2008, it required that all iOS apps be signed (encrypted) with a security certificate. iOS is designed to only run apps that the system can verify as both being from a reputable source and being unmodified since being signed by the developer.

When a developer deploys apps through Apple's App Store, the app is "signed" or encrypted by the developer's private key. Under iOS, there's no way to turn this off unless users purposely "jailbreak" the security system, a process that exploits an existing vulnerability in order to turn off the system's verification of app signatures.

The dangers of sideloading apps

In early 2013, five years deep into the unparalleled success of Apple's iOS App Store, Dylan Love of Business Insider concluded that the tiny percentage of iOS users trying to jailbreak their phones was evidence that Apple should downgrade its security policies.

"This is clearly Apple's customer base sending a strong message that they want more out of the proverbial 'walled garden,'" he stated.

Android has a similar, but optional, code signing feature for apps, but Google made a series of mistakes that have weakened its ability to block or disable malware on the platform. This summer, Android's Fake ID vulnerability sprung from the fact that Android simply failed to properly verify certificates, allowing any app on the system to pretend to be software that the system gives broad access.

This issue still affects most Android users who shop for apps outside of Google Play and who haven't applied a patch for the flaw—an issue complicated by the fact that most Android users are working with basic device that cost less than $200 and are not regularly (or ever) updated by the hardware maker or the carrier.

Google actually encourages users to sideload apps by calling permissive software installation a "feature" while disparaging Apple's App Store as a "walled garden" of restrictions. That's resulted in a series of complex security and privacy issues for Android that effectively exploit users of often low-end devices—who are the least likely to understand how dangerous it is to allow any app that comes knocking to figuratively come through the front door and crawl into your bed.

In stark contrast, Apple has made the deployment of up to date iOS and OS X releases such a priority that the majority of Apple's users can and do install updates rapidly, while users of other platforms frequently can't obtain patches or updates at all, even if they do know about them and want to install them.

However, Apple has also make it increasingly easy for corporations and individuals to self sign and distribute their own apps to users who trust them. This has opened the door to the same types of "sideloading" security issues that exist on Android for users who trust apps from unknown sources.

App signing blocks piracy, creating a legitimate market for apps

In each new iOS release, Apple regularly defeats the mechanisms jailbreakers use to bypass iOS security, because jailbreaking is a direct threat to the App Store's high volume, low price market place. Apple doesn't make it easy to jailbreak because jailbroken iOS devices can pirate apps. App signing is a protection for developers as well as end users, effectively policing iOS for bad behavior.

Without an effective security system, iOS would look like the Windows or Android platforms: widespread software piracy, ubiquitous malware and virulent attacks that make it easy to infect and spy on large populations of unaware users. If there's no police to stop looting, trespassing and robberies, those problems rapidly grow out of control.

iOS and OS X lock down the platform to protect the people that benefit from low priced, higher quality apps: end-users and developers. This comes at the expense of malware writers and people who would rather steal apps, but it also impacts people who want to distribute code Apple does not approve for distribution in the App Store.

Enterprise app provisioning opens up potential new threats

Enterprise users may want to distribute a custom app to only their own employees, rather than making it available in the App Store. For these users, Apple has made it possible to effectively sideload iOS apps along with a provisioning profile that vouches for the app.

Apple continues to closely regulate iOS apps, because it does not want to revert iOS back to an insecure platform where legitimate-looking apps from multiple sources can pretend to be things they are not, violating users trust and exploiting them. However, enterprise app provisioning opens up new vectors for distributing bad apps if users choose to "Trust" apps from Untrusted Developers.

Before iOS, malicious desktop software writers could create and distribute bad code pretending to be a legitimate tool, tricking users into running it. Malware could also hide by copying itself into other apps on the system, modifying them the same way a real-world virus injects its DNA into healthy cells, forcing them to replicate more of its own DNA. A software virus is software that can replicate itself by fooling the system to run its replication code.

iOS app signing security (and the identical GateKeeper for OS X) creates walls that prevent all these scenarios from even being possible. First, by default Macs and iOS device don't allow users to install software that isn't signed by a known developer. Both systems also check apps for modification before running them, blocking anything that has been infected or otherwise tampered with after its developer signed it.

Apps are also barred from promiscuously reading data in other apps, and must ask for user permission from the system to access the user's contacts, photos, location or other kinds of data. iOS and OS X app signing have effectively blocked viruses from existing on Apple's platforms, and make it easier for users to protect themselves from other non-viral malware that depends upon tricking the user, rather than the computer.

Setting GateKeeper to "Anywhere" is the equivalent to jailbreaking iOS

On Macs, Apple's app signing security is branded as "GateKeeper," although the feature is exposed to users only within the Security & Privacy panel of System Preferences under the General tab (without any "GateKeeper" signage). By default, this is set to "Mac App Store and identified developers" (as shown below).

This setting allows the system to only run signed apps from the Mac App Store or "sideloaded" apps that have been signed by a certificate authority the Mac recognizes, such as an enterprise developer distributing its own custom apps signed by a certificate the company registers with Apple.

This can be further restricted to only allow apps to run titles from the App Store, or it can be effectively disabled by selecting "Anywhere," which allows users to manually install malware, including apps infected with bad code like WireLurker's.Opting out of Apple's security makes the end user responsible for managing their own security, similar to the wide open worlds of malware, spyware and adware popups that infest rival platforms

Unlike iOS, where Apple thwarts users from running non-signed apps at all, Mac users can turn off GateKeeper completely. This exposes them to risks the default Mac settings prevent, and is similar to deactivating antivirus software under Windows. Users should be extremely careful about allowing unsigned Mac apps to run.

In addition to turning off app-signing security with the "Anywhere" setting, users can temporarily bypass GateKeeper security by attempting to launch an unsigned app. After getting a warning that the app has been blocked from running, the user can manually go into System Preferences and click a one-time button that forces the system to run the previously blocked, unsigned app. This is as inherently dangerous as turning off GateKeeper entirely.

Trusting an Untrusted App Developer's iOS app is equivalent to jailbreaking

Once users disable the Mac's security defenses by installing unsigned apps, the malware they install can further infect iOS devices. In the case of WireLurker, an iOS payload app, signed by a enterprise developer certificate, could be installed. Once installed, the app could exploit vulnerabilities in iOS to do further damage, although the current version of WireLurker only exploited the enterprise app development path to deliver a comic book app as a demonstration of its abilities.

Masque Attack similarly relies on corporate provisioning to trick users into letting their guard down and approving untrusted apps. When distributed with a provisioning profile, a potentially malicious app simply requests through the system that the user "Trust" the installation. If the user clicks trust, the system installs a provisioning profile that enables that app to run on that iOS device, bypassing normal App Store rules.

However, Apple's corporate provisioning system opens up even more serious issues than simply allowing users to turn off basic security; as detailed by researchers at FireEye, a malicious app can report itself to the user as something basic and innocuous, then present itself to the system as being a replacement for an existing app, similar in some respects to the Fake ID issue involving Android this summer.

By giving itself the Bundle Identifier of an existing app, once the user "Trusts" the installation, the malware app can not only replace another app the user trusts, but can also inherit its data. This essentially lets malware trick a user into updating a known app into a bad app, without the user being aware that what they though they were installing is actually overwriting another app on the system.

The researchers presented an example of an app pretending to be "New Flappy Bird" to entice the user to Trust its installation, but then identifying itself to the system as being com.google.Gmail, allowing it to take over the user's Gmail app. It could then ask for the user's credentials, posing as the Gmail app to steal their login. When it replaces the app, such malware could also glean sensitive data from the original app's caches.

Even worse, Apple exempts custom corporate apps from its App Store rules including limitations on access to private APIs and sandboxing. This allows any malware that can trick the user into "Trust" installing it to do things that App Store titles are strictly prevented from doing, including background monitoring, spoofing system password requests to trick users into presenting their account logins, and even taking advantage of other vulnerabilities to gain even greater access to the system.

Don't Trust apps from Untrusted App Developers!

The researchers who identified Masque Attack therefore advise users "Don't install apps from third-party sources other than Apple's official App Store or the user's own organization."

The group also warns users, "Don't click 'Install' on a pop-up from a third-party web page, no matter what the pop-up says about the app. The pop-up can show attractive app titles crafted by the attacker."

Thirdly, it notes, "When opening an app, if iOS shows an alert with 'Untrusted App Developer,' as shown in Figure 3 (above), click on "Don't Trust" and uninstall the app immediately."

One of the side benefits of iOS requiring apps to be signed by a developer certificate is that once a malware author steals, borrows or otherwise obtains a legitimate app-signing certificate and uses it to install malware on iOS devices, Apple can revoke the signature, which blocks the signed app from being run.

When users "Trust" a self signed app from an "Untrusted App Developer," iOS 7 also installs an enterprise provisioning profile that can be seen in Settings / General / Profiles / Provisioning Profiles. Under iOS 8, the group notes that "devices don't show provisioning profiles already installed on the devices and we suggest taking extra caution when installing apps."

Security professionals asking Apple to make iOS even less like Google's Android

The combination of iOS app signing, GateKeeper and Xprotect make it easy for Apple to address and block problems before they occur, and even arrest issues related to users bypassing the provided security. Apple's users will always be under attack, but they are safer than users on other platforms that make security less of a focus.

Rather than asking Apple to relax its software "walled garden" policies as the tech media has been demanding for years, security professionals are recommending that Apple make its App Store walls even stronger.Rather than asking Apple to relax its software "walled garden" policies as the tech media has been demanding for years, security professionals are recommending that Apple make its App Store walls even stronger

FireEye specifically called on Apple "to provide more powerful interfaces to professional security vendors to protect enterprise users from these and other advanced attacks."

Security expert Jonathan Zdziarski has also called on Apple to make iOS "do a better job of prompting the user before installing applications," noting that a "more thorough explanation to the user about what they are about to click OK to will likely help prevent a number of users from allowing the software to install on iOS in the first place."

He further recommends that Apple disable enterprise app installations by default, stating that the "vast majority of non-enterprise users will never need a single enterprise app installed, and any attempt to do so should fail. So why doesn't Apple lock this capability out unless it's explicitly enabled?"

Zdziarski also recommends tighter app policies that would block malware from pretending to be another app on installation, including new rules to link a corporate provisioning signing certificate to the app bundle identifier, and even limit an app's bundle identifier to accessing web services using the matching hostname (for example, ensuring that an app identified as com.facebook.messenger could only send data to servers identified as messenger.facebook.com.

Another recommendation from Zdziarski is to use the secure element of new iOS devices to validate apps, although only new iPhone 6 models and the latest batch of iPads with Touch ID incorporate a secure element.

[Swordmaker]

Neither WireLurker nor Masque are much of a threat. They are only a risk for OS X and iOS users who TURN OFF their SECURITY and do STUPID THINGS! — PING!

Apple SECURITY Ping!

If you want on or off the Mac Ping List, Freepmail me.

[Swordmaker]

Apple Insider Article Source Link that did not post for some reason:

Wirelurker/Masque Attack malware only a threat for users who disable Apple's iOS and OS X Security Appleider Article.

[Swordmaker]

Sorry this posting is not up to my usual standards. It posted while I was in the middle of cutting and pasting the specifics of the article before I could include any of the graphics from the article. My internet connection blipped. Go to the link above to see everything in the article.

[Captainpaintball]

I have a question...

I bought eset security in 2013. I like it, wanted to get 2014, but couldn't afford it. I plan on getting it soon.

Since installing Yosemite, I can't get it to run at all. I click on the icon, and it just doesn't run. The Icon doesn't appear up in the top right corner next to the clock and the wifi and the bluetooth icons.

What do you think it is?

[Swordmaker]

Ironically, just two years ago the Electronic Frontier Foundation was demonizing the on-by-default security
of iOS and OS X as"Apple's Crystal Prison" and an "elaborate misdirection," and called upon the
company to provide a "simple, documented, and reliable way to drill into
a settings menu, unlatch the gate of the crystal prison, and leave."


Apple's XProtect subsystem of OS X is configured to deploy a blacklist
of known malware definitions to Mac users within hours of malicious
software being discovered. Macs automatically check for new malware definitions
every day, and immediately begin blocking any new threats Apple identifies.


Android's FakeID issue still affects most Android users who shop for apps
outside of Google Play and who haven't applied a patch for the flaw--an issue
complicated by the fact that most Android users are working with basic
device that cost less than $200 and are not regularly
(or ever) updated by the hardware maker or the carrier.


iOS and OS X lock down the platform to protect the people
that benefit from low priced, higher quality apps: end-users and developers.


Setting OS X's GateKeeper to "Anywhere" is the equivalent to jailbreaking iOS


A potentially malicious iOS app simply requests
through the system that the user "Trust" the installation.

[Nailbiter]

bfl close read

[dila813]

Everything that is in this puff piece is true about Android and Microsoft.

No differences. That being said, I like Apple hardware.

[Swordmaker]

I bought eset security in 2013. I like it, wanted to get 2014, but couldn't afford it. I plan on getting it soon.

What do you think it is?

Frankly, Cap'n, I think it is totally unnecessary to run anti-virus on a Mac.

Every Mac OS X for the last five years has had its own built in xProtect anti-malware built in that will identify all the known Mac malware already and any other commercial anti-virus unethically TURNS THAT OFF so they can claim they found malware AFTER it downloads! Apple's xProtect prevents it from downloading, being installed, or being run in the first place, warning the user of it's presence. Your Mac contacts Apple every day and checks for any new malware definitions to add to its xProtect files. Ergo, there is no need for a third party anti-virus to be purchased or installed.

Essentially 99.9% of any malware that ESET, or any Mac anti-virus, anti-malware software is going to find is malware for Windows imbedded in email that cannot effect your Mac in the least. The other 0.1% are OS X trojans that you might inadvertently download, if you were to attempt to download something from an untrusted source other than the Apple Mac App store. . . all of which Apple's xProtect would prevent from happening. IF, you should by some means, copy it onto your Mac, xProtect will tell you:

In answer to your question as to why it may not be working. These commercial anti-viruses modify the OS to hook themselves into the OS at a very basic level. . . and switch off xProtection. Yosemite is a re-write of the Operating System and ESET's hooks just may not be in the same locations anymore. Alternately, the run at start-up may have been disabled and fixing it may be as simple as requiring a re-install of the ESET 2013 to re-establish those files.

As I said, I generally disagree with the philosophy of running anti-virus on any of the Macs I am responsible for. . . and that is quite a few, as I run many networked Macs for several businesses. Not once in over 16 years has any of the OS X Macs been infected by malware. . . and in dozens of Macs, there is not one instance of third party anti-virus software. Only Apple's xProtect.

I once even ran my personal OS X Mac without a firewall for two years with no anti-virus to see what would happen. What happened was NOTHING. There are websites that can test your exposure and when I had that Mac tested, they did not even see it was on their websites. It was invisible to them.

I would not run a Mac today without a firewall, but then it was safe to do.

[Swordmaker]

Everything that is in this puff piece is true about Android and Microsoft.

It is now true about Microsoft in many ways, but read it about Android. It isn't true about Android.

[Swordmaker]

Everything that is in this puff piece is true about Android and Microsoft.

Android users are encouraged to "sideload" apps from many sources. According to the article and other sources, there are over 500 Android App stores with malicious apps on them. Not so at all with iOS, OS X, or even with Windows.

[Captainpaintball]

Hmmm...I trust your knowledge over mine, that's for sure. I will look to see if I can find xProtect to see if it is running.

I think, as you said, the Yosemite installation disabled the eset.

Thank you for your assistance.

[Swordmaker]

For those of you who want to do stupid things:

Pangu tool for Mac can jailbreak iOS 8 devices

by Seth Fitzgerald on November 10, 2014 at 8:33 am

Pangu tool for Mac can jailbreak iOS 8 devicesPangu, a jailbreak tool for iOS 8 devices, launched on Windows a few weeks ago. Now, the tool is available on Mac, and it will let users jailbreak their device if it is running iOS 8 through iOS 8.1. Once Pangu is downloaded and available, jailbreaking a phone or tablet takes just a few minutes.

Cydia has given the tool its approval, and Pangu was originally created by Chinese hackers. iOS 8 and 8.1 are still quite new, so having the ability to jailbreak devices running them means the hackers are on top of things, despite Apple’s new security measures.

Jailbreaking remains useful for some people who want extra software and features, but the process can result in security problems. Additionally, once a phone has been jailbroken, it is hard to find official support for it. Only those who are truly unable to use their phone in the way they want to should consider jailbreaking with Pangu or any other tool.

Apple’s upcoming version of its mobile operating system, iOS 8.1.1, will get rid of the security holes that are exploited by Pangu. Until a new jailbreak comes out, users will need to avoid iOS 8.1.1 if they want to keep their device jailbroken.

I do not endorse this action, nor do I certify that Pangu is not itself malware. It is, after all, written by Chinese Hackers. . . use at your own risk.

[dila813]

There is a default setting flag, allow application downloads from untrusted sources, you have to disable this to get to the other stores.

[Swordmaker]

Hey, Cap'n, here's how you turn it back on if it's off.

Open a terminal window. You'll find Terminal inside Utilities in Applications then cut and paste this into the Terminal at the prompt and then press Return or Enter:

defaults write com.apple.LaunchServices LSQuarantine -bool YES

That will turn xProtect back on if it has been turned off.

If for some reason you WANT to turn it off, put the same command in the Terminal and change the "YES" to "NO" and press Return or Enter.

[Tzfat]

Thanks for the post. There really is no need for anti-virus on a Mac as long as you do not disable the built-in protection. Even then, you have to be pretty stupid to get infected.

I have a side business writing apps for the Apple Mac and iTunes stores. I have also written and sold Windows software for 25 years, I still do, but most of my business income comes from Apple.

For decades, I have had to keep constant monitoring of my Windows installations to make sure I was up-to-date on AV etc. Adware was the worst. Mac OS X? Nada.

iOS, not jail broken? Please, all the recent hype sounds as if it was written by Google evangelists. Nada, zip on iOS...

[House Atreides]

VERY useful post Swordmaker. I have no idea if I’ve ever managed to unknowingly turn off xProtect but, just to be safe, I followed your instruction on how to set it to on.

[conservatism_IS_compassion]

Thanks for the post/ping, SM.

I would not run a Mac today without a firewall

What firewall provisions do you recommend for someone who is on a Comcast modem/router?

[PA Engineer]

Everything that is in this puff piece is true about Android and Microsoft.

That is very special. Why don't you post your own thread?

[Swordmaker]

iOS, not jail broken? Please, all the recent hype sounds as if it was written by Google evangelists. Nada, zip on iOS...

You are right about this one. . . IF a concatenation of unlikely events occurs, a so-called "vulnerability" in OSX and IOS could allow an app to be installed. WHOW! That vulnerability is that a computing device can install an app! Who'd a thunk it? And, you have to be stupid and turn off every security protection provided so that app to can be installed from an untrusted source that has not been checked for safety. More brain dead zombie stupidity. So, not being checked, that app may not only not be safe accidentally, it might be deliberate malicious! Run and shout, scare the rubes!

(In fact, anyone who'd fall for this would be safe from zombies; they want brains!)

Samsung is bleeding both market share and profit share yet their marketing budget of $14 billion in the cellphone area has not been reduced an iota. Their media buys are no where near that figure. They pay a lot out in FUD spreaders. . . and I would not be surprised to learn that they sponsor research in hacking iOS to spread negative reports. Their CEO is a twice convicted criminal. . . fraud, tax evasion, and other crimes. . . but Samsung's political pull is so great in Korea he gets Pardoned. Samsung's business model is theft of intellectual property. . . so I would not put this past them.

Microsoft invented the Fear, Uncertainty, and Doubt (FUD) technique of marketing back in the '80s and '90s and perfected it, paying pundits, posters, and bloggers to post negative commentary about their competitors in concentrated campaigns. Samsung and Google are continuing the practice. Some who have received the payments have spoken out revealing the practice. I've been accused of it on Apple's behalf although it is untrue.