Apple on YiSpecter iOS malware: Don't download from untrusted sources and keep updated

Common sense security practices, once again, save the day.

Palo Alto Networks

Earlier this week, researchers discovered malware that appeared to be able to bypass the security built into iOS.

The malware, dubbed YiSpecter, was reported to be able to infect non-jailbroken Apple devices using enterprise certificates and private APIs. It originated in Taiwan and China and used several methods to gain access to iPhones and iPads, including hijacking traffic from ISPs, an SNS worm on Windows, and offline app installation.

Once installed on a device, YiSpecter was able to download, install, replace, and launch apps, display ads within other apps, change Safari's default search engine, and upload user information to remote servers.

In a statement to The Loop, Apple said:

"This issue only impacts users on older versions of iOS who have also downloaded malware from untrusted sources. We addressed this specific issue in iOS 8.4 and we have also blocked the identified apps that distribute this malware. We encourage customers to stay current with the latest version of iOS for the latest security updates. We also encourage them to only download from trusted sources like the App Store and pay attention to any warnings as they download apps."

Some takeaways from this:

  • Updated devices are safe.
  • Don't download stuff from untrusted sources.
  • If you're running old versions of iOS, then you need to update.
  • If you can't update iOS - for example you're still using an iPhone 4 that is stuck on iOS 7.1.2 - then you're on your own.
  • Pay attention to any warnings - especially certificate-related warnings - when downloading apps.
