Apple seems to have a weakness that hackers can easily take advantage of and infect iOS devices, even if they are not jailbroken.
The weakness is said to be associated with the digital rights management technology of the company and it grows into a concern where it can be used to install malicious apps on your iPhone or iPad.
It all started late last month when security experts came across three suspicious apps on the iTunes App Store. After scrutinizing the apps, it was found that they were tracking users with the intentions of getting their Apple IDs and passcodes. Funny enough, these apps found their way into the App Store – something Apple claims is not possible due to the heavy security measures in place.
As mentioned earlier, this hole can be exploited by attackers and infect even those devices that are said to be extremely secure. Any iOS device that hasn’t gone through a jailbreaking process can only work with apps installed through the App Store. Alternatively, one can install apps on this device via iTunes installed on a PC. To ensure that the iTunes-installed app is actually coming from the App Store, the iOS device usually checks the app as part of Cupertino’s FairPlay DRM technology.
Apparently, there is a way the iOS device can be tricked into allowing an app to install via iTunes installed on a PC, yet this app was acquired under a different Apple ID. The attacker successfully sends instructions to an already hacked PC so that it installs apps on an iPhone connected to the PC, thus bypassing the usual DRM checks. This can keep going on even if the app is removed from the App Store since copies of the same can still be distributed. This was first discovered in 2014 and it seems it still works.
This is not the first time Apple’s App Store has been found to home rogue apps in the recent past. As it seems, bypassing Apple’s security check s has become a no-brainer for many attackers. In either case, the malicious app first posed as a genuine application and obtained clearance into the App Store. Furthermore, the attackers are only targeting devices in China; however, this doesn’t mean you shouldn’t stay vigilant of the attacks. Remember, you don’t need to have a jailbroken device in order to be worried, the exploit also works on non-jailbroken iPhones too.