Attackers exploit Apple DRM weakness to infect non-jailbroken iOS devices

Attackers are exploiting a weakness in Apple’s digital rights management technology to install malicious apps on supposedly protected, non-jailbroken iOS devices.

In late February, security researchers from Palo Alto Networks found three malicious applications on the official App Store. An analysis revealed the malicious apps were part of a scheme to steal Apple IDs and passwords from Chinese users under the guise of an alternative app store.

The more interesting aspect of the apps: In addition to being published on the official app store, they were also silently installed through software running on users’ Windows PCs.

An iOS device that hasn’t been jailbroken, and hasn’t had its security restrictions removed, should only be able to run apps downloaded from the App Store or installed through the iTunes software from users’ PCs.

To read this article in full or to leave a comment, please click here