The malware exploits flaws in Apple’s digital rights management (DRM) protection mechanism, FairPlay. This is the first incident in which a FairPlay man-in-the-middle (MITM) technique has been used to spread malware; previously, it had only been seen distributing pirated iOS apps. ‘AceDeceiver’ has raised many questions about Apple’s code review process.
So far, AceDeceiver has only infected iOS users in China. The attackers used new techniques to bypass Apple’s security controls. A blog post published by Palo Alto Networks lists the reasons that make AceDeceiver more dangerous than any iOS malware discovered before:
- It doesn’t require an enterprise certificate, so this kind of malware is not under the control of MDM solutions, and its execution no longer needs the user to confirm that the app is trusted.
- It hasn’t been patched, and even when it is, the attack would likely still work on older versions of iOS.
- Although the affected apps have been removed from the App Store, that doesn’t mean the malware has gone away. Attackers do not need the malicious apps to remain available in the App Store in order to spread them; they only need the apps to have been available in the App Store once, and they require the user to install the client on his or her PC.
- AceDeceiver doesn’t require the victim to install the malicious app; instead, it does that for them.
- The attack requires the user’s PC to be infected by malware first; after that, the infection of iOS devices is completed in the background without the user’s awareness.