Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > comp.sys.mac.system > #81689
| From | Jolly Roger <jollyroger@pobox.com> |
|---|---|
| Newsgroups | alt.comp.freeware, comp.sys.mac.system, alt.hacker, alt.privacy.anon-server, comp.os.linux.advocacy |
| Subject | Re: YiSpecter Malware Targets Non-Jailbroken iOS Devices |
| Date | 2015-10-06 00:08 +0000 |
| Organization | People for the Ethical Treatment of Pirates |
| Message-ID | <d7ghokFh4poU10@mid.individual.net> (permalink) |
| References | <c6e99f3bdea56102996b09469de159ad@foto.nl1.torservers.net> <d7frg4Fbto2U7@mid.individual.net> <051020151936059090%nospam@nospam.invalid> |
Cross-posted to 5 groups.
On 2015-10-05, nospam <nospam@nospam.invalid> wrote: > In article <d7frg4Fbto2U7@mid.individual.net>, Jolly Roger ><jollyroger@pobox.com> wrote: >> > Apple's iOS mobile operating system is under attack in China and >> > Taiwan, according to security firm Palo Alto Networks. >> > >> > The company identified malware, dubbed YiSpecter, which?unlike >> > most other malware affecting iOS devices?can target non- >> > jailbroken iPhones and iPads. >> > >> > http://www.pcmag.com/article2/0,2817,2492540,00.asp >> >> YiSpecter uses an enterprise provisioning certificate, which is designed >> to give enterprises a way to bypass the App Store and associated >> approval processes to easily distribute apps to employees of a company. >> They also allow companies to set key rules like lock screen password or >> PIN security and other policies. Enterprise certificates cost the >> developer $500 a year and will be revoked by Apple if they are caught >> abusing them. >> >> The apps in question require the user to first install an Enterprise >> provisioning certificate, which iOS presents as an UNTRUSTED certificate >> that requires the user to actively tap "Trust" to continue. Users can >> also list and manage installed provisioning profiles in Settings > >> General > Profiles. >> >> Assuming the user installed this untrusted provisioning profile, the >> user must then download the offending app that must be signed by the >> same certificate - so that one company's apps cannot be installed via >> another company's certificate - from some place *other* than the Apple >> App Store. >> >> Enterprise certificates automatically expire after one year. So the user >> will have to download and "Trust" another certificate (assuming Apple >> allows another to be created) for every year afterward. >> >> Apple to revoke said certificate in 3... 2... 1... > > apple said the issue was fixed months ago in ios 8.4: There you go. What a lame troll. -- E-mail sent to this address may be devoured by my ravenous SPAM filter. I often ignore posts from Google. Use a real news client instead. JR
Back to comp.sys.mac.system | Previous | Next — Previous in thread | Next in thread | Find similar
YiSpecter Malware Targets Non-Jailbroken iOS Devices Anonymous <anonymous@foto.nl1.torservers.net> - 2015-10-05 13:32 -0400
Re: YiSpecter Malware Targets Non-Jailbroken iOS Devices Jolly Roger <jollyroger@pobox.com> - 2015-10-05 17:48 +0000
Re: YiSpecter Malware Targets Non-Jailbroken iOS Devices Lloyd Parsons <lloydp211@gmail.com> - 2015-10-05 17:58 +0000
Re: YiSpecter Malware Targets Non-Jailbroken iOS Devices Big Bad Bob <BigBadBob-at-mrp3-dot-com@testing.local> - 2015-10-05 15:17 -0700
Re: YiSpecter Malware Targets Non-Jailbroken iOS Devices Jolly Roger <jollyroger@pobox.com> - 2015-10-05 22:30 +0000
Re: YiSpecter Malware Targets Non-Jailbroken iOS Devices nospam <nospam@nospam.invalid> - 2015-10-05 19:36 -0400
Re: YiSpecter Malware Targets Non-Jailbroken iOS Devices Jolly Roger <jollyroger@pobox.com> - 2015-10-06 00:08 +0000
Re: YiSpecter Malware Targets Non-Jailbroken iOS Devices Savageduck <savageduck1@{REMOVESPAM}me.com> - 2015-10-05 13:11 -0700
csiph-web