A bad week in security for Apple?

Yes, indeed, it’s been a bad week in Apple security news.

Just yesterday an adware attack was discovered that targets the Apple OS X operating system, and is believed to be a viable way for attackers to insert Trojans into the systems of unsuspecting victims. According to this SC Magazine story, A new piece of adware opens door to Trojans on OS X, “Researchers from Dr Web, a Russian anti-malware company, found a kind of adware, titled Adware.Mac.WeDownload.1, with a modified version of Adobe Flash player. The adware was discovered on a wedownload.com domain.”

The adware will ask the user to grant it admin rights in order to install Adobe Flash Player, and if the user bites on the hooked bait, the app will download Program.Unwanted.MacKeeper, Mac.Trojan.Crossrider, Mac.Trojan.Genieo, Mac.BackDoor.OpinionSpy, and various other Trojans, SC Magazine reported.

Also yesterday, news broke that security researcher Jose Rodriguez struck again, publishing a video that details an iOS 9 security gaffe that makes it possible for someone to bypass a lock screen to access photos and contacts on a device. Rodriguez found a similar security flaw a couple years ago in iOS 6.1.3.

The video he published that details the rather involved lock screen circumvention is available on YouTube.

If this security vulnerability worries you, AppleInsider reports that “In lieu of a permanent solution from Apple, concerned users can disable Siri lock screen access by navigating to Settings > Touch ID & Passcode, entering their current passcode and deactivating Siri under the “Allow access when locked” heading. Alternatively, the bypass can be thwarted by creating a custom alphanumeric passcode.”

Additionally, in what could be a serious flaw for enterprises, news broke earlier in the week that Apple’s iOS 9 breaks VPN connections for a number of enterprise servers, so users who upgraded to iOS 9 may have trouble reaching corporate resources through the encrypted VPN tunnel. The flaw seems to be most prominent in VPNs utilizing split-tunnel connections.

From CSO’s story iOS 9 breaks VPNs, prevents server access for many:

As a result, depending on your network setup, DNS resolution won’t succeed for some servers. Thus, some of your corporate servers will no longer be available to users who successfully sign in via the VPN, but other servers will remain available. The availability is not random — if a server isn’t available due to this bug, it stays unavailable.

The bug does not affect connections to servers from within corporate networks, so users will be able to access your internal servers as expected. It’s only when using the VPN that the access is no longer certain.

The bug affects all VPN connections, not only those made from the widely used Cisco AnyConnect client. There are reports from people using other providers’ VPNs or even iOS’s built-in VPN that their VPN connections — all IPSec in the reports I’ve seen — have similar problems.

As if that wasn’t enough bad news for Apple security this week, there was the malware infestation on Apple’s App Store that we covered earlier in the week in the post Developers increasingly in hackers’ crosshairs. That post explains how counterfeit copies of Apple’s Xcode development software were staged on Chinese servers and infected with malware known as XcodeGhost. Apps built with the bogus toolsets, uploaded to the App Store, and downloaded to user devices would contain malware that would give attackers certain levels of access to the device.

Initially that attack was suspected to impact about 300 apps; however, reports out last night point to a much broader infection of about 4,000 apps, as reported in this BBC News story Apple App Store malware ‘infected 4,000 apps.’ Most, but not all, of the apps are available predominantly in the Chinese market.

Apple provided advice to developers on validating their versions of Xcode. The company also said it would host legitimate copies of Xcode on servers based in China, which hopefully would reduce the incentive for Chinese developers to look for locally hosted copies (which download more quickly than copies hosted outside the country) that could be tainted with malicious software.
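Apple’s validation advice for developers was to run Gatekeeper’s `spctl --assess --verbose` against the installed Xcode.app and to trust only a result whose source is Apple (Mac App Store, Apple, or Apple System). The script below is an added example, not code from the post or from Apple; it wraps that check so a build machine can refuse a tainted toolchain, and the sample result lines at the end are constructed, not captured from a real system.

```shell
#!/bin/sh
# Xcode integrity check built around Apple's Gatekeeper assessment (added example).
# Apple's guidance after XcodeGhost: run
#   spctl --assess --verbose /Applications/Xcode.app
# and accept only "accepted" with source=Mac App Store, Apple, or Apple System.

# Interpret spctl's result (one or two lines); return 0 only for an Apple-signed,
# accepted bundle. Any other source, or a rejected bundle, is treated as suspect.
check_xcode_assessment() {
  # Collapse the possibly two-line output ("path: accepted" / "source=...") onto one line.
  flat=$(printf '%s' "$1" | tr '\n' ' ')
  case "$flat" in
    *": accepted "*"source=Mac App Store") return 0 ;;
    *": accepted "*"source=Apple System")  return 0 ;;
    *": accepted "*"source=Apple")         return 0 ;;
    *)                                      return 1 ;;
  esac
}

# Run the live assessment on an installed Xcode (default path /Applications/Xcode.app).
validate_xcode() {
  path="${1:-/Applications/Xcode.app}"
  if ! command -v spctl >/dev/null 2>&1; then
    echo "spctl not available: run this on the macOS build machine" >&2
    return 2
  fi
  # spctl writes its verdict to stderr; capture both streams.
  result=$(spctl --assess --verbose "$path" 2>&1)
  if check_xcode_assessment "$result"; then
    echo "OK: Xcode at $path is Apple-signed"
    return 0
  fi
  echo "SUSPECT: $path failed Gatekeeper assessment; reinstall Xcode from Apple" >&2
  echo "$result" >&2
  return 1
}

# Constructed sample results (not from a real machine) showing the decision logic.
for sample in \
  "/Applications/Xcode.app: accepted
source=Mac App Store" \
  "/Applications/Xcode.app: rejected
source=no usable signature"; do
  if check_xcode_assessment "$sample"; then
    echo "trusted  : $(printf '%s' "$sample" | tr '\n' ' ')"
  else
    echo "untrusted: $(printf '%s' "$sample" | tr '\n' ' ')"
  fi
done
```

Call `validate_xcode` (optionally with a different .app path) on the macOS build host to run the live check.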
