Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.sys.mac.system > #81578
| From | Jolly Roger <jollyroger@pobox.com> |
|---|---|
| Newsgroups | alt.comp.freeware, comp.sys.mac.system, alt.hacker, alt.privacy.anon-server, comp.os.linux.advocacy |
| Subject | Re: YiSpecter Malware Targets Non-Jailbroken iOS Devices |
| Date | 2015-10-05 17:48 +0000 |
| Organization | People for the Ethical Treatment of Pirates |
| Message-ID | <d7frg4Fbto2U7@mid.individual.net> (permalink) |
| References | <c6e99f3bdea56102996b09469de159ad@foto.nl1.torservers.net> |
Cross-posted to 5 groups.
On 2015-10-05, Anonymous <anonymous@foto.nl1.torservers.net> wrote: > ooops. Looks like Apple is crapple. > > Apple's iOS mobile operating system is under attack in China and > Taiwan, according to security firm Palo Alto Networks. > > The company identified malware, dubbed YiSpecter, which—unlike > most other malware affecting iOS devices—can target non- > jailbroken iPhones and iPads. > > http://www.pcmag.com/article2/0,2817,2492540,00.asp YiSpecter uses an enterprise provisioning certificate, which is designed to give enterprises a way to bypass the App Store and associated approval processes to easily distribute apps to employees of a company. They also allow companies to set key rules like lock screen password or PIN security and other policies. Enterprise certificates cost the developer $500 a year and will be revoked by Apple if they are caught abusing them. The apps in question require the user to first install an Enterprise provisioning certificate, which iOS presents as an UNTRUSTED certificate that requires the user to actively tap "Trust" to continue. Users can also list and manage installed provisioning profiles in Settings > General > Profiles. Assuming the user installed this untrusted provisioning profile, the user must then download the offending app that must be signed by the same certificate - so that one company's apps cannot be installed via another company's certificate - from some place *other* than the Apple App Store. Enterprise certificates automatically expire after one year. So the user will have to download and "Trust" another certificate (assuming Apple allows another to be created) for every year afterward. Apple to revoke said certificate in 3... 2... 1... Hardly the end of the world. Keep trolling, trollboi. -- E-mail sent to this address may be devoured by my ravenous SPAM filter. I often ignore posts from Google. Use a real news client instead. JR
Back to comp.sys.mac.system | Previous | Next — Previous in thread | Next in thread | Find similar
YiSpecter Malware Targets Non-Jailbroken iOS Devices Anonymous <anonymous@foto.nl1.torservers.net> - 2015-10-05 13:32 -0400
Re: YiSpecter Malware Targets Non-Jailbroken iOS Devices Jolly Roger <jollyroger@pobox.com> - 2015-10-05 17:48 +0000
Re: YiSpecter Malware Targets Non-Jailbroken iOS Devices Lloyd Parsons <lloydp211@gmail.com> - 2015-10-05 17:58 +0000
Re: YiSpecter Malware Targets Non-Jailbroken iOS Devices Big Bad Bob <BigBadBob-at-mrp3-dot-com@testing.local> - 2015-10-05 15:17 -0700
Re: YiSpecter Malware Targets Non-Jailbroken iOS Devices Jolly Roger <jollyroger@pobox.com> - 2015-10-05 22:30 +0000
Re: YiSpecter Malware Targets Non-Jailbroken iOS Devices nospam <nospam@nospam.invalid> - 2015-10-05 19:36 -0400
Re: YiSpecter Malware Targets Non-Jailbroken iOS Devices Jolly Roger <jollyroger@pobox.com> - 2015-10-06 00:08 +0000
Re: YiSpecter Malware Targets Non-Jailbroken iOS Devices Savageduck <savageduck1@{REMOVESPAM}me.com> - 2015-10-05 13:11 -0700
csiph-web