AceDeceiver: First iOS Trojan Exploiting Apple DRM Design Flaws to Infect Any iOS Device

Palo Alto Networks ^ | March 16, 2016 5:00 AM | Claud Xiao

[Utilizer]

We’ve discovered a new family of iOS malware that successfully infected non-jailbroken devices we’ve named “AceDeceiver”.

What makes AceDeceiver different from previous iOS malware is that instead of abusing enterprise certificates as some iOS malware has over the past two years, AceDeceiver manages to install itself without any enterprise certificate at all. It does so by exploiting design flaws in Apple’s DRM mechanism, and even as Apple has removed AceDeceiver from App Store, it may still spread thanks to a novel attack vector.

AceDeceiver is the first iOS malware we’ve seen that abuses certain design flaws in Apple’s DRM protection mechanism — namely FairPlay — to install malicious apps on iOS devices regardless of whether they are jailbroken. This technique is called “FairPlay Man-In-The-Middle (MITM)” and has been used since 2013 to spread pirated iOS apps, but this is the first time we’ve seen it used to spread malware. (The FairPlay MITM attack technique was also presented at the USENIX Security Symposium in 2014; however, attacks using this technique are still occurring successfully.)

[Utilizer]

Malware for macolytes found!

[hawaiianninja]

It was bound to happen.

[SecondAmendment]

And as usual, Microsoft’s abysmal security is the attack vector ... (please read the full article before responding)

[RockyTx]

Microsoft has excellent security.
Gates is secure, you are not.
exactly what Gates wants.

on top of that,
it is time to upgrade your lease of
Word(tm) for Windows v.754 to V.755
pay up or else

[Mark17]

,

[Swordmaker]

AceDeceiver: a new/old method of installing malware onto an iOS device. Don't worry. This users a very roundabout means of installing a malware that requires steps NO ONE USES to get unauthorized iOS Apps from third party iOS App Stores and install them using a Windows PC Transloader application from Chinese third party iOS App Stores looking to sell unauthorized iOS apps. This one works only through a non-iTunes transloader on a Windows PC. A few of the AceDeceiver Apps were uploaded to the Chinese Apple App Store, but would STILL require using the PC transloader to be properly installed on an iPhone. This appears to be another CHINESE iOS problem. . . which has not appeared in the Apple App Store anywhere else. Palo Alto Research loves to post these breathless announcements as if they were major problems in the US when they are not. — PING!

Apple Security Alert
Ping!

The latest Apple/Mac/iOS Pings can be found by searching Keyword "ApplePingList" on FreeRepublic's Search.

If you want on or off the Mac Ping List, Freepmail me