Apple Passwords On Jailbroken iPhones Vulnerable To New Malware

Apple devices which have been jailbroken are apparently vulnerable to a type of malware named for a library which is installed on devices that have been infected. Ars Technica spotted a couple of threads on Reddit and a blog post from security researcher Stefan Esser, who ran a static analysis on the code which Reddit users were able to isolate on their devices.

Apple Passwords On Jailbroken iPhones Vulnerable To New Malware

How the new malware targets Apple devices

According to Esser, the unflod library gets into the Apple device’s SSLWrite function. The library scans that function for any strings which go along with the Apple password and ID, which are sent to the company’s servers. Whenever the malware locates those credentials, it also transmits them to servers which are controlled by the malware’s creator.

Readers of Reddit said Apple users can find out if their devices have been infected by opening up the SSH / Terminal and then searching the folder /Library/MobileSubstrate/DynamicLibraries. If the device is infected, that folder will contain the file Unflod.dylib. According to Ars Technica, devices which have been compromised could be cleared by deleting the dynamic library. However, so far no one knows how the malware came to exist in the Apple devices, so it is unknown whether the file will reappear.

How to get rid of unflod

As a result, Esser recommends that users restore their devices, which unfortunately means they will lose their jailbreak until a new one is released. He doesn’t think most jailbreak users will do it. iOS users who do discover that their devices have been compromised are advised to change the password for their Apple ID as soon as they can.

Not all Apple devices vulnerable

Esser told Ars Technica that the code appears to only work on 32-bit iOS devices which have been jailbroken. He said there isn’t a 64-bit ARM version of it in the version of the library he analyzed. As a result, he said the malware shouldn’t work on the iPhone 5S, the iPad Air or the iPad Mini 2G.

About the Author

Michelle Jones
Michelle Jones was a television news producer for eight years. She produced the morning news programs for the NBC affiliates in Evansville, Indiana and Huntsville, Alabama and spent a short time at the CBS affiliate in Huntsville. She has experience as a writer and public relations expert for a wide variety of businesses. Michelle has been with ValueWalk since 2012 and is now our editor-in-chief. Email her at