Security experts at Palo Alto Networks warn of a new breed of malware targeting Apple products-- "WireLurker," a piece of software able to install malicious 3rd party apps on iPhones and iPads.
"WireLurker monitors any iOS device connected via USB with an infected OS X computer and installs downloaded 3rd party applications or automatically generated malicious applications onto the device, regardless of whether it is jailbroken," Palo Alto Networks says. "This is the reason we call it “wire lurker”."
As mentioned above, the WireLurker is particularly nasty as it is the first able to crack through even non-jailbroken iDevices via enterprise provisioning. So far it appears to have only reached users in China, as it currently lurks in apps available in Maiyadi, a Chinese 3rd party app store. According to Palo Alto Networks 467 apps were infected during the last 6 months, potentially hitting hundreds of thousands of users.
“Even though this is the first time this is happening, it demonstrates to a lot of attackers that this is a method that can be used to crack through the hard shell that Apple has built around its iOS devices.” security expert Ryan Olson tells the New York Times.
Palo Alto Networks recommends that users avoid software 3rd party app stores, ensure their OS is up to date and that they set "Allow apps downloaded from Mac App Store (or Mac App Store and identified developers)” in the OS X Systems Preferences panel. It also says enterprises should route mobile device traffic through a threat prevention system.
Meanwhile Apple says it has already blocked the identified malicious apps, preventing them from launching.
In other Apple-related security news, Swedish white-hat hacker Emil Kvarnhammar identifies a serious security hole in Yosemite OS X-- "Rootpipe", a so-called "privilege escalation vulnerability" providing attackers to be with root access to a machine, without need for a password.
Apple is still to fix to flaw, but Kvarnhammer recommends users to not run their systems on a daily basis with an admin account, thus limiting the admin permissions potential hackers can access. He also suggests the use of Apple's FileVault tool, which encrypts HDDs with only a minimal hit on performance.
Go WireLurker: A New Era in OS X and iOS Malware
Go Malicious Software Campaign Targets Apple Users in China (NYTimes)
Go Swedish Hacker Finds "Serious" Vulnerability in OS X Yosemite (Macworld.com)
