Apple’s iOS devices have a reputation for being entirely resistant to malware due to Apple’s meticulous vetting process before apps are released in the iTunes Store. However, a new piece of malicious software has appeared that exploits a known vulnerability in Apple’s own DRM security technology, called FairPlay.
When iOS users download apps through iTunes on their computer and then install them on their iOS device, the device requests an authorization code that was given at the time of purchase to prove the app was legitimately purchased. The hackers downloaded an app, stole its authorization code, and then used software that spoofs iTunes to trick users into downloading apps. Exploiting FairPlay to fool iOS devices allows users to install pirated apps on phones, but this is the first time it has been used to install malware on iPhones without the user’s knowledge.
So far the attack only affects Windows PC users in China, since the malware uses geotagging to activate, but that could easily be changed. Unfortunately, it is so easy to trick iTunes by using a helper client that it is only a matter of time before the technique is used to install other malware.
Apple was made aware of the issue by Palo Alto Networks and removed the malicious apps. Unfortunately, the apps only had to be made available through the App Store once to have a working authorization code. For now, the only surefire way to keep your iOS device safe is to make sure your security settings only allow Mac App Store apps.