Apple has been scrupulously keen about keeping malwares out of its systems for decades now. Apple’s systems are revered for their ability to avoid viruses and malwares as much as possible, but it appears that Apple’s meticulous designs have a flaw after all which is being explored by an iOS malware called ACeDeceiver. The first of its kind, this malware does not abuse enterprise certificates which were being done by some iOS malwares in the last two years. Instead, it abuses design flaws which exist in Apple’s DRM protection mechanism.
AceDeceiver uses a technique known as Fairplay Man in the Middle (MITM) to spread malware to the devices. For the uninitiated, Apple’s users can purchase and download iOS apps by using their computers to access the app store. Once the app is downloaded to their system, the users connect the iOS device to the computer to install the devices. The iOS device requests an authorization code which ensures that the users have actually paid for the app. Pirated apps were developed in the Fairplay MITM attack where attackers intercepted the code and saved it which tricked the iOS device into believing that the user had purchased the app. While this was a concern for Apple, it had never been used to spread malware before.
Between July 2015 and February 2016, three wallpaper apps which belonged to the AceDeceiver family, were uploaded to the App Store. They even bypassed Apple’s code review about seven times. AceDeceiver shows malicious behaviors only when a user is located in China. However, the fact that non-jailbroken iOS devices can be vulnerable too means that Apple needs to work quickly to secure its systems even more.
AceDeceiver does not require users to manually install the app. Instead, it is automatically installed to the iOS device and even though the apps have now been removed from the App Store, the attacker may have already succeeded in proving that Apple’s security systems have vulnerabilities.