Unfortunately today we’ve got some bad news for some users… According to a new details published on (GTISC) Georgia Tech Information Security Center, the center published a post saying that they’ve discovered a newly iOS vulnerability that allows malware installation via seemingly innocuous apps.
The weakness circumvents Apple’s security measures and paves the way to “significant security threats to the iOS platform.†We’re expecting a swift response on Apple’s part and a fix via a future update…
According to a media release Georgia Tech put out last week, researcher Billy Lau and his team showed off the security exploit at Black Hat.
The malware allows attackers to sneak malware past Apple’s app review process and install it onto iOS devices silently, without you being aware of any suspicious activity.
Wang’s approach hides malicious code that would otherwise get rejected during the Apple review process. Once the malicious app passes review and is installed on a user’s device, it can be instructed to carry out malicious tasks.
Our research shows that despite running inside the iOS sandbox, a Jekyll-based app can successfully perform many malicious tasks, such as posting tweets, taking photos, sending email and SMS, and even attacking other apps – all without the user’s knowledge.
They say that Apple is working on fixing this issue as soon as possible…
For what it’s worth, iOS 7 has fixed that vulnerability
In the meantime, Apple is hoping to take iOS security to the next level this Fall with a bunch of capabilities like Activation Lock, a new iOS 7 feature that renders stolen devices useless by denying a carrier activation, even after the thief has wiped the device clean of data or disabled the Find My iPhone service.
