DS Forums

 
 

iPhone Malware Is Hitting China - Let’s Not Be Next


Reply
Thread Tools Search this Thread
Old 07-10-2015, 10:30
Mark in Essex
Forum Member
 
Join Date: Mar 2005
Posts: 3,644

Just cut and pasted it from the news.

Had a quick read and it looks like iPhones that have not even been Jailbroken in China can get infected by simply clicking on a popup window (but you never know with the hyped up rubbish that's normally in the news).

Just to make people aware.

http://www.wired.com/2015/10/iphone-...lets-not-next/

By the sound of it it's only older versions of IOS that it's easy to get infected with, but newer versions are still not immune (reading you have to select YES to get infected on newer versions).
Mark in Essex is offline   Reply With Quote
Please sign in or register to remove this advertisement.
Old 07-10-2015, 11:04
BKM
Forum Member
 
Join Date: Jul 2007
Posts: 6,288
Just cut and pasted it from the news.

Had a quick read and it looks like iPhones that have not even been Jailbroken in China can get infected by simply clicking on a popup window (but you never know with the hyped up rubbish that's normally in the news).
I am afraid you are well out of date!! This was fully discussed here about two weeks ago.

It has all been fixed by Apple and no longer applies. Basically Apple review all AppStore new Aps and revisions of existing ones and, very briefly, people worked out how to defeat this.
BKM is offline   Reply With Quote
Old 07-10-2015, 11:21
Stuart_h
Forum Member
 
Join Date: Jul 2005
Posts: 3,474
I am afraid you are well out of date!! This was fully discussed here about two weeks ago.

It has all been fixed by Apple and no longer applies. Basically Apple review all AppStore new Aps and revisions of existing ones and, very briefly, people worked out how to defeat this.
The article was, in part, discussing the aftermath of the recent breaches and the impacts moving forward. It wasn't scaremongering about a current issue ..... It was actually quite an interesting read.
Stuart_h is offline   Reply With Quote
Old 07-10-2015, 14:17
Mark in Essex
Forum Member
 
Join Date: Mar 2005
Posts: 3,644
I am afraid you are well out of date!! This was fully discussed here about two weeks ago.

It has all been fixed by Apple and no longer applies. Basically Apple review all AppStore new Aps and revisions of existing ones and, very briefly, people worked out how to defeat this.
I thought it was a new article as it was dated yesterday and did not seem to be to do with the last App Store malware - this looked like you can get malware just by clicking on a popup link on the Internet?
Mark in Essex is offline   Reply With Quote
Old 07-10-2015, 15:11
Stig
Forum Member
 
Join Date: Sep 2003
Location: Sandy Heath, Beds. UK
Posts: 10,383
I thought it was a new article as it was dated yesterday and did not seem to be to do with the last App Store malware - this looked like you can get malware just by clicking on a popup link on the Internet?
Yes, this is different from the one we discussed:
In at least the most recent of these two attacks, victims did have to make an almost comical series of blunders to have their phone hacked. The malware, which Palo Alto Networks called YiSpecter in its detailed writeup, tricked users into circumventing Apple’s tightly controlled App Store to install a porn video player. (In some cases the hackers used local internet service providers in China, which are known to hijack traffic to insert ads on websites, to advertise the sexy video app in pop-up prompts.) If the user fell for that lure, the hackers managed to skirt Apple’s App Store and install the app by using a so-called “enterprise certificate,” a system that allows companies and agencies to install their own custom programs on employees’ phones without Apple’s signoff.
Stig is offline   Reply With Quote
Old 07-10-2015, 15:11
clonmult
Forum Member
 
Join Date: Oct 2005
Location: UK
Posts: 3,291
I am afraid you are well out of date!! This was fully discussed here about two weeks ago.

It has all been fixed by Apple and no longer applies. Basically Apple review all AppStore new Aps and revisions of existing ones and, very briefly, people worked out how to defeat this.
Different issue, but iirc it relates to some enterprise features that not all will have enabled.
clonmult is offline   Reply With Quote
Old 07-10-2015, 22:41
jchamier
Forum Member
 
Join Date: Mar 2000
Location: This forum
Posts: 3,392
Different issue, but iirc it relates to some enterprise features that not all will have enabled.
Enterprise provisioning profiles allow companies an ability to have an internal "app store" and deploy "managed applications" which are categorised separately by iOS. These applications don't back up to iCloud or iTunes and can share data with other managed apps, but not unmanaged apps.

Someone shipped out a profile and convinced people to install it, which means it was social engineering.

Weak point is always the human.
jchamier is offline   Reply With Quote
 
Reply




 
Forum Jump


All times are GMT. The time now is 05:01.