Apple blocks malicious software Wirelurker on iPhones

Apple blocks malicious software Wirelurker on iPhones

Identified by security researchers Palo Alto Networks on Wednesday, the malware has been spotted shipping alongside pirated copies of Chinese Mac apps, before jumping to iPhones and iPads over a USB cable.

Apple says that it is “aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching.”

The company did not elaborate on how it is carrying out the blocking, but did emphasise that “as always, we recommend that users download and install software from trusted sources”.

The infected apps were discovered on the Maiyadi App Store, a third-party application store based in China which is largely filled with pirated and unauthorised copies of major apps, such as Dropbox, Spideroak and Autodesk.

Wirelurker works by abusing capabilities in Apple’s operating systems designed to enable large enterprises to install their own applications on employees’ devices. That enables the malware to not only scrape data from affected users’ iOS devices, but even go so far as to install third-party applications on those devices, and infect installed applications.

It is the first in-the-wild malware family that can do this, and only the second ever that attacks iOS devices through OS X via USB.

A second Apple vulnerability disclosed this week, known as Rootpipe, remains unpatched. The researcher who discovered it has not revealed how the vulnerability, which lets attackers gain root privileges without entering a password, can be abused, and says he is waiting for Apple to issue a patch.

Related Post

Google’s Chrome gets a neat new trick to speed up browsing
views 62
If you've got an Android phone in your pocket it's worth updating the Chrome browser. Google has just released a new version of the popular web softw...
Credit card company MasterCard wants to replace passwords with selfies
views 55
MasterCard is looking to the future of online payments security. The credit card company is experimenting with a mobile app that uses facial recogniti...
Instagram bans #EDM Hashtag
views 85
A week after banning the #goddess, photo-sharing app Instagram has now prohibited the popular #EDM, a common abbreviation for electronic dance music b...
Samsung Galaxy S6 and S6 Edge on the way
views 36
According to a report by SamMobile, Samsung’s Project Zero will unveil two flagships for the year 2015—a Galaxy S series and the Edge series. The Sam...

SHARE WHAT YOU THINK