Security researchers announced last week they had discovered in the wild a method of infecting ‘non-jail-broken’ iPhones with malware by exploiting design flaws in Apple's digital rights management technology (DRM).
The flaw, which has been exploited since 2013 largely as a means to pirate iOS software, has now been used to infect iPhones with malware. Three infected apps were uploaded to the App Store, since mid-2015, each of which managed to avoid detection by Apple.
Though Apple removed these three apps from the App Store, after it was reported to them in late February 2016, experts warn, the attack is still viable because it only requires these apps to have been available in the App Store once. As long as an attacker could get a copy of authorization from Apple, the attack does not require current App Store availability to spread those apps.
While the malware appears to currently affect only users in mainland China, it is a sign of bigger problems for Apple because it is a blueprint for infecting other ‘non-jail-broken’ iPhones. The same attackers or others aiming to copy the attack technique could begin to infect more regions around the world.
The new flaw underlines the need for Apple and other hardware makers to focus more resources on protecting the data on phones rather than on just the devices. People are not interested in just securing devices; they are more interested in securing their data. If you lose your phone, you can always buy another phone, but if you lose your data, that can be something very difficult to replace.