Apple Inc. (NASDAQ:AAPL) in China is seeing a new threat in which its iPhones and the iPads are being attacked through the Mac OS X operating system, according to a United States security firm. Palo Alto Networks said the software is dubbed “WireLurker” because it drives into action when Apple’s iOS mobile operating system connects via USB to a Mac laptop or desktop.
Apple Mac OS X applications threatened
The software comes hidden within apps downloaded from China’s third-party Mac OS X app stores, and then it adds malevolent code to legitimate iOS apps. The malware attack is limited to China as of now.
Apple has not faced any such threat before even though this sort of attack has been seen since 2003, according to Ryan Olson of Palo Alto Network’s threat research team. According to Olson, “For the general user, it’s not something you need to light your hair on fire about.” Olson added that the technology being used at present makes Mac and iOS more similar to the problem faced by Windows and Android pairings.
Around 467 Mac OS X applications which are offered by a Chinese third-party application store called Maiyadi were found to be infected with WireLurker. Such apps included names like The Sims 3, International Snooker 2012 and Pro Evolution Soccer 2014.
WireLurker not limited to jailbroken devices
WireLurker is unlike a majority of iOS bugs, which are restricted to jailbroken devices. One of the WireLurker versions can also target devices that are not jailbroken. In that version, the malicious software uses a digital certificate that is offered by the company to enterprise developers so that they run their own application in-house. With a digital certificate in hand, the malware can install on the iOS device, although it would display a warning to users, according to Olson. Once the user has accepted the installation request, WireLurker could be installed along with a legitimate application.
Oslon said that they are in contact with the Apple team, but the company is not aware of the attacks. “There’s no vulnerability here for them to patch, but they certainly want to be aware of malware and how it works,” Olson said.
According to Olson, the first step for Apple would be to rescind the enterprise digital certificate. Also the iPhone maker can issue an update to detect WireLurker in XProtect, Apple’s antivirus engine.