CIP Cyber

AceDeceiver: New iOS malware can infect any Apple device

Table of Contents

A devastating iOS malware has been discovered today by PaloAlto researcher Claud Xiao; which has been dubbed as “AceDeceiver”. AceDeceiver is the first of its kind because it doesn’t require any enterprise certificates to install itself any iOS devices. This means regardless of the facts that your iOS device is non-jailbreak AceDeceiver malware can affect your iOS device.

The malware has exploited the flaws in Apple’s digital rights management (DRM) protection mechanism FairPlay. This is the first incident when a FairPlay MITM technique has been used to spread malware. Previously we have seen only pirated iOS apps unfurl by using this technique. ‘AceDeceiver’ has raised many question on Apple’s code review process.

Source: PaloAltoNetworks

So far the AceDeceiver has only infected iOS users of China. These attackers were using new techniques to bypass the Apple security codes. In a blog post published on PaloAlto; the reasons are mentioned which makes AceDeceiver more dangerous than any other iOS malware discovered before.

  • It doesn’t require an enterprise certificate, hence this kind of malware is not under MDM solutions’ control, and its execution doesn’t need user’s confirmation of trusting anymore.
  • It hasn’t been patched and even when it is, it’s likely the attack would still work on older versions of iOS systems.
  • Although the effected apps are removed from App Store; but that doesn’t mean the malware has gone away. Attackers do not need the malicious apps to be always available in App Store for them to spread – they only require the apps ever available in App Store once, and require the user to install the client to his or her PC.
  • AceDeceiver doesn’t require victim to install malicious app – instead it does that for them.  
  • The attack requires a user’s PC to be infected by malware first, after that, the infection of iOS devices is completed in the background without the user’s awareness.
There were three occasions when an app containing AceDeceiver malware has bypassed the Apple codes and landed in official App store. The first app was released in July last year – the second was released three months later, while the third one is released in January this year,
 The only similarity between those three apps are – all of them are wallpaper apps. These apps are removed from app store last month; but the goals of attackers may well have been accomplished. And also showed many that it’s not impossible to bypass the security codes of App store. 
 
 
CIP Cyber Staff

CIP Cyber Staff

CIP Cyber Staff comprises CIP cybersecurity experts committed to delivering comprehensive information on critical infrastructure protection. The content covers diverse topics, equipping professionals to defend organizations and communities in an ever-evolving cyber landscape.

Most popular

Industrial Cybersecurity

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings

Related Articles

Best 5 Ways to Track an iPhone Remotely

In a world where almost everything revolves around smartphones, losing your iPhone is a big inconvenience. Besides the hefty price tag, there is huge data

Want always be up to date?

Don't miss the latest news

By subscribing to our mailing list, you will be enrolled to receive our new trainings, latest blog posts, product news, and more.

CIP Training & Certifications

Transform your cybersecurity skills with CIP Cyber’s comprehensive training & course offerings