Attackers are exploiting a weakness in Apple’s digital rights management technology to install malicious apps on supposedly protected, non-jailbroken iOS devices. Although the targets appear to be in China, the technique could work anywhere.
In late February, security researchers from Palo Alto Networks found three malicious applications on the official App Store. An analysis revealed the malicious apps were part of a scheme to steal Apple IDs and passwords from Chinese users under the guise of an alternative app store.
The more interesting aspect of the apps: In addition to being published on the official Apple App Store, they were also silently installed through software running on users’ Windows PCs.
To read this article in full or to leave a comment, please click here