Apple Is Blocking Infected Apps

Updated on

Chinese iOS users were at risk of being infected by the malware if they connected their non-jailbroken device to a Mac which was running one of the affected apps.

Apple Inc. (NASDAQ:AAPL) has since stated: “We are aware of malicious software available from a download site aimed at users in China, and we’ve blocked the identified apps to prevent them from launching. As always, we recommend that users download and install software from trusted sources.”

Security risks

A security company called Palo Alto Networks was the first to report the issue in a white paper. However security researcher Jonathan Zdziarski has since written a blog post, in which he warns against complacency after the apparently easy blocking of WireLurker.

“The bigger issue here is not WireLurker itself; WireLurker appears to be in its infancy, and is mostly a collection of scripts, property lists, and binaries all duct-taped together on the desktop, making it easy to detect. The real issue is that the design of iOS’ pairing mechanism allows for more sophisticated variants of this approach to easily be weaponized,” he wrote.

The problem with Apple’s trusted devices

A more professional attack of this kind could cause major damage because once a device is paired with a Mac, there are almost no limits as to what the Mac can do to the device.

Zdziarski advocates three changes in order to improve iOS security. He says there need to be far more specific warnings about installing apps, which can currently be installed by clicking on just one prompt. Next he urges Apple to disable Enterprise Mode by default, because the feature is used by a small minority of clients, but leaves the security of all iOS devices at risk.

His last point concerns permissions given to apps. He says that apps should have to ask the user for permission to install software, and only iTunes and Xcode should be able to do so freely. Zdziarski advocates a much tighter management of “Trusted Pairing Relationships,” with apps having to ask permission to access the data, just as they for contacts and geo-location.

Leave a Comment