Apple's 'whack-a-mole' approach to security threats is leaving enterprises vulnerable to new variants of exploits underlying the WireLurker and Masque Attack malware, claims a security firm.
According to a report by Marble Security, while Apple has taken steps to block WireLurker, this in no way prevents future versions of this malware from infecting computers by using different enterprise certificates or new versions of the WireLurker. It also doesn't protect iPhone and iPad users who sync to Windows PCs.
"Apple's responses to the WireLurker and Masque Attack operations illustrate that iOS is entering the 'whack-a-mole' era of malware defense, similar to that experienced during the last decade with PCs," said Dave Jevans, founder and chief technology officer at Marble Security. "Being proactive rather than reactive is essential in preventing these iOS vulnerabilities and exploits from affecting enterprise networks, and implementing mobile device security solutions is a huge step in achieving this."
According to Apple, Masque Attack was only a threat to users who had disabled Apple's own security controls, but this is little more than a dialog box that asks a user if they want to trust an enterprise provisioning certificate. If a user clicks "Yes," then the iOS device can have malicious apps installed.
This isn't a bug, but instead a way for enterprises to push proprietary apps to devices. However, now that it has been used as an attack vector once, it is likely to be used again.
According to the report, almost every major corporate security breach over the past three years has been the result of spear-phishing attacks against targeted employees or consultants, and mobile attacks are now the fastest growing category of threats.
"The electronic crime underground has already begun exploiting mobile devices, and it will only intensify attacks on employees, making dynamic protection against malicious apps more critical than ever for mobile users -- even those with iOS," said Jevans.