Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]

Groups > comp.sys.mac.system > #81580

Re: YiSpecter Malware Targets Non-Jailbroken iOS Devices

From Lloyd Parsons <lloydp211@gmail.com>
Newsgroups comp.sys.mac.system, comp.os.linux.advocacy
Subject Re: YiSpecter Malware Targets Non-Jailbroken iOS Devices
Date 2015-10-05 17:58 +0000
Message-ID <d7fs2sFcrtfU3@mid.individual.net> (permalink)
References <c6e99f3bdea56102996b09469de159ad@foto.nl1.torservers.net> <d7frg4Fbto2U7@mid.individual.net>

Cross-posted to 2 groups.

Show all headers | View raw

On Mon, 05 Oct 2015 17:48:52 +0000, Jolly Roger wrote:

> On 2015-10-05, Anonymous <anonymous@foto.nl1.torservers.net> wrote:
>> ooops.  Looks like Apple is crapple.
>>
>> Apple's iOS mobile operating system is under attack in China and
>> Taiwan, according to security firm Palo Alto Networks.
>>
>> The company identified malware, dubbed YiSpecter, which—unlike most
>> other malware affecting iOS devices—can target non- jailbroken iPhones
>> and iPads.
>>
>> http://www.pcmag.com/article2/0,2817,2492540,00.asp
> 
> YiSpecter uses an enterprise provisioning certificate, which is designed
> to give enterprises a way to bypass the App Store and associated
> approval processes to easily distribute apps to employees of a company.
> They also allow companies to set key rules like lock screen password or
> PIN security and other policies. Enterprise certificates cost the
> developer $500 a year and will be revoked by Apple if they are caught
> abusing them.
> 
> The apps in question require the user to first install an Enterprise
> provisioning certificate, which iOS presents as an UNTRUSTED certificate
> that requires the user to actively tap "Trust" to continue. Users can
> also list and manage installed provisioning profiles in Settings >
> General > Profiles.
> 
> Assuming the user installed this untrusted provisioning profile, the
> user must then download the offending app that must be signed by the
> same certificate - so that one company's apps cannot be installed via
> another company's certificate - from some place *other* than the Apple
> App Store.
> 
> Enterprise certificates automatically expire after one year. So the user
> will have to download and "Trust" another certificate (assuming Apple
> allows another to be created) for every year afterward.
> 
> Apple to revoke said certificate in 3... 2... 1...
> 
> Hardly the end of the world.
> 
> Keep trolling, trollboi.

Yeah, <yawn>...  :)

Another non-issue that made for good click bait!!




-- 
Lloyd

Back to comp.sys.mac.system | Previous | NextPrevious in thread | Next in thread | Find similar

Thread

YiSpecter Malware Targets Non-Jailbroken iOS Devices Anonymous <anonymous@foto.nl1.torservers.net> - 2015-10-05 13:32 -0400
  Re: YiSpecter Malware Targets Non-Jailbroken iOS Devices Jolly Roger <jollyroger@pobox.com> - 2015-10-05 17:48 +0000
    Re: YiSpecter Malware Targets Non-Jailbroken iOS Devices Lloyd Parsons <lloydp211@gmail.com> - 2015-10-05 17:58 +0000
    Re: YiSpecter Malware Targets Non-Jailbroken iOS Devices Big Bad Bob <BigBadBob-at-mrp3-dot-com@testing.local> - 2015-10-05 15:17 -0700
      Re: YiSpecter Malware Targets Non-Jailbroken iOS Devices Jolly Roger <jollyroger@pobox.com> - 2015-10-05 22:30 +0000
    Re: YiSpecter Malware Targets Non-Jailbroken iOS Devices nospam <nospam@nospam.invalid> - 2015-10-05 19:36 -0400
      Re: YiSpecter Malware Targets Non-Jailbroken iOS Devices Jolly Roger <jollyroger@pobox.com> - 2015-10-06 00:08 +0000
  Re: YiSpecter Malware Targets Non-Jailbroken iOS Devices Savageduck <savageduck1@{REMOVESPAM}me.com> - 2015-10-05 13:11 -0700

csiph-web