Palo Alto Networks<\/a>.<\/p>\nDubbed \u201cAceDeceiver,\u201d the malware is able to infect iOS devices by exploiting flaws in FairPlay, Apple’s DRM (digital rights management) system.<\/p>\n
According to Palo Alto Networks \u201cAceDeceiver is the first iOS malware we\u2019ve seen that abuses certain design flaws in Apple\u2019s DRM protection mechanism \u2014 namely FairPlay \u2014 to install malicious apps on iOS devices regardless of whether they are jailbroken. This technique is called \u2018FairPlay Man-In-The-Middle (MITM)\u2019 \u2026 Apple allows users purchase and download iOS apps from their App Store through the iTunes client running in their computer. They then can use the computers to install the apps onto their iOS devices. iOS devices will request an authorization code for each app installed to prove the app was actually purchased. In the FairPlay MITM attack, attackers purchase an app from App Store then intercept and save the authorization code. They then developed PC software that simulates the iTunes client behaviors, and tricks iOS devices to believe the app was purchased by victim. Therefore, the user can install apps they never actually paid for, and the creator of the software can install potentially malicious apps without the user\u2019s knowledge.\u201d<\/i><\/p>\n
Three different apps claiming to be wallpaper apps, but in actuality were a part of the AceDeceiver family, were uploaded to the official App Store between July 2015 and February 2016. These apps provided attackers with a fake authorization code.<\/p>\n
A Windows client called \u201cAisi Helper\u201d was installed by users in China, and installed malicious iOS apps on the devices.<\/p>\n
The apps have been removed from the App Store by Apple, but remain a threat because attackers still have authorization codes needed to install fake apps.<\/p>\n
As of now, only users in China are maliciously affected by AceDeceiver, but Palo Alto Networks states that this could change at any time.<\/p>\n
Palo Alto Networks has offered this advice for users:\u00a0\u201cWe suggest users who installed Aisi Helper\u2019s Windows client or iOS apps after March 2015 to remove these software and apps immediately, as well as change their Apple ID passwords. We also suggest all iOS users to enable two-factor authentication for their Apple IDs.\u201d<\/i><\/p>\n
For more information, you can read the entire Palo Alto Networks report here: researchcenter.paloaltonetworks.com\/2016\/03\/acedeceiver-first-ios-trojan-exploiting-apple-drm-design-flaws-to-infect-any-ios-device\/<\/a><\/p>\n","protected":false},"excerpt":{"rendered":"A new family of iOS malware that is able to infect non-jailbroken iOS devices without relying on an enterprise certificate has been\u00a0discovered by Palo Alto Networks. Dubbed \u201cAceDeceiver,\u201d the malware is able to infect iOS devices by exploiting flaws in FairPlay, Apple’s DRM (digital rights management) system. According to Palo Alto Networks \u201cAceDeceiver is the […]<\/p>\n","protected":false},"author":16,"featured_media":35517,"comment_status":"open","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"_monsterinsights_skip_tracking":false,"_monsterinsights_sitenote_active":false,"_monsterinsights_sitenote_note":"","_monsterinsights_sitenote_category":0,"spay_email":"","footnotes":""},"categories":[2366],"class_list":["post-35515","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-apple-news"],"yoast_head":"\n
'AceDeceiver' Malware Infects iOS Devices by Exploiting DRM Flaws<\/title>\n<meta name=\"description\" content=\"A new family of iOS malware that is able to infect non-jailbroken iOS devices without relying on an enterprise certificate has been\u00a0discovered by Palo\" \/>\n<meta name=\"robots\" content=\"index, follow, max-snippet:-1, max-image-preview:large, max-video-preview:-1\" \/>\n<link rel=\"canonical\" href=\"https:\/\/eshop.macsales.com\/blog\/35515-acedeceiver-malware-infects-ios-devices-by-exploiting-drm-flaws\/\" \/>\n<meta property=\"og:locale\" content=\"en_US\" \/>\n<meta property=\"og:type\" content=\"article\" \/>\n<meta property=\"og:title\" content=\"'AceDeceiver' Malware Infects iOS Devices by Exploiting DRM Flaws\" \/>\n<meta property=\"og:description\" content=\"A new family of iOS malware that is able to infect non-jailbroken iOS devices without relying on an enterprise certificate has been\u00a0discovered by Palo\" \/>\n<meta property=\"og:url\" content=\"https:\/\/eshop.macsales.com\/blog\/35515-acedeceiver-malware-infects-ios-devices-by-exploiting-drm-flaws\/\" \/>\n<meta property=\"og:site_name\" content=\"Rocket Yard\" \/>\n<meta property=\"article:author\" content=\"https:\/\/www.facebook.com\/PoweredbyOWC\/\" \/>\n<meta property=\"article:published_time\" content=\"2016-03-16T22:36:41+00:00\" \/>\n<meta property=\"article:modified_time\" content=\"2016-03-17T19:19:31+00:00\" \/>\n<meta property=\"og:image\" content=\"https:\/\/eshop.macsales.com\/blog\/wp-content\/uploads\/2016\/03\/AceDeceiver-1-11.png\" \/>\n\t<meta property=\"og:image:width\" content=\"640\" \/>\n\t<meta property=\"og:image:height\" content=\"312\" \/>\n\t<meta property=\"og:image:type\" content=\"image\/png\" \/>\n<meta name=\"author\" content=\"OWC Newsfeed\" \/>\n<meta name=\"twitter:card\" content=\"summary_large_image\" \/>\n<meta name=\"twitter:creator\" content=\"@https:\/\/twitter.com\/poweredbyOWC\" \/>\n<meta name=\"twitter:label1\" content=\"Written by\" \/>\n\t<meta name=\"twitter:data1\" content=\"OWC Newsfeed\" \/>\n\t<meta name=\"twitter:label2\" content=\"Est. reading time\" \/>\n\t<meta name=\"twitter:data2\" content=\"2 minutes\" \/>\n<script type=\"application\/ld+json\" class=\"yoast-schema-graph\">{\"@context\":\"https:\/\/schema.org\",\"@graph\":[{\"@type\":\"Article\",\"@id\":\"https:\/\/eshop.macsales.com\/blog\/35515-acedeceiver-malware-infects-ios-devices-by-exploiting-drm-flaws\/#article\",\"isPartOf\":{\"@id\":\"https:\/\/eshop.macsales.com\/blog\/35515-acedeceiver-malware-infects-ios-devices-by-exploiting-drm-flaws\/\"},\"author\":{\"name\":\"OWC Newsfeed\",\"@id\":\"https:\/\/eshop.macsales.com\/blog\/#\/schema\/person\/3ba79aedbd7ad1c0c4c8a33295f0c45b\"},\"headline\":\"‘AceDeceiver’ Malware Infects iOS Devices by Exploiting DRM Flaws\",\"datePublished\":\"2016-03-16T22:36:41+00:00\",\"dateModified\":\"2016-03-17T19:19:31+00:00\",\"mainEntityOfPage\":{\"@id\":\"https:\/\/eshop.macsales.com\/blog\/35515-acedeceiver-malware-infects-ios-devices-by-exploiting-drm-flaws\/\"},\"wordCount\":404,\"commentCount\":0,\"publisher\":{\"@id\":\"https:\/\/eshop.macsales.com\/blog\/#organization\"},\"keywords\":[\"AceDeceiver\",\"Apple\",\"iOS\",\"Malware\",\"Palo Alto Networks\"],\"articleSection\":[\"Apple News\"],\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"CommentAction\",\"name\":\"Comment\",\"target\":[\"https:\/\/eshop.macsales.com\/blog\/35515-acedeceiver-malware-infects-ios-devices-by-exploiting-drm-flaws\/#respond\"]}]},{\"@type\":\"WebPage\",\"@id\":\"https:\/\/eshop.macsales.com\/blog\/35515-acedeceiver-malware-infects-ios-devices-by-exploiting-drm-flaws\/\",\"url\":\"https:\/\/eshop.macsales.com\/blog\/35515-acedeceiver-malware-infects-ios-devices-by-exploiting-drm-flaws\/\",\"name\":\"'AceDeceiver' Malware Infects iOS Devices by Exploiting DRM Flaws\",\"isPartOf\":{\"@id\":\"https:\/\/eshop.macsales.com\/blog\/#website\"},\"datePublished\":\"2016-03-16T22:36:41+00:00\",\"dateModified\":\"2016-03-17T19:19:31+00:00\",\"description\":\"A new family of iOS malware that is able to infect non-jailbroken iOS devices without relying on an enterprise certificate has been\u00a0discovered by Palo\",\"breadcrumb\":{\"@id\":\"https:\/\/eshop.macsales.com\/blog\/35515-acedeceiver-malware-infects-ios-devices-by-exploiting-drm-flaws\/#breadcrumb\"},\"inLanguage\":\"en-US\",\"potentialAction\":[{\"@type\":\"ReadAction\",\"target\":[\"https:\/\/eshop.macsales.com\/blog\/35515-acedeceiver-malware-infects-ios-devices-by-exploiting-drm-flaws\/\"]}]},{\"@type\":\"BreadcrumbList\",\"@id\":\"https:\/\/eshop.macsales.com\/blog\/35515-acedeceiver-malware-infects-ios-devices-by-exploiting-drm-flaws\/#breadcrumb\",\"itemListElement\":[{\"@type\":\"ListItem\",\"position\":1,\"name\":\"Home\",\"item\":\"https:\/\/eshop.macsales.com\/blog\/\"},{\"@type\":\"ListItem\",\"position\":2,\"name\":\"‘AceDeceiver’ Malware Infects iOS Devices by Exploiting DRM Flaws\"}]},{\"@type\":\"WebSite\",\"@id\":\"https:\/\/eshop.macsales.com\/blog\/#website\",\"url\":\"https:\/\/eshop.macsales.com\/blog\/\",\"name\":\"Rocket Yard\",\"description\":\"Your source for expert tips, special deals, commentary, reviews, and the latest tech news.\",\"publisher\":{\"@id\":\"https:\/\/eshop.macsales.com\/blog\/#organization\"},\"potentialAction\":[{\"@type\":\"SearchAction\",\"target\":{\"@type\":\"EntryPoint\",\"urlTemplate\":\"https:\/\/eshop.macsales.com\/blog\/?s={search_term_string}\"},\"query-input\":\"required name=search_term_string\"}],\"inLanguage\":\"en-US\"},{\"@type\":\"Organization\",\"@id\":\"https:\/\/eshop.macsales.com\/blog\/#organization\",\"name\":\"OWC\",\"url\":\"https:\/\/eshop.macsales.com\/blog\/\",\"logo\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/eshop.macsales.com\/blog\/#\/schema\/logo\/image\/\",\"url\":\"https:\/\/eshop.macsales.com\/blog\/wp-content\/uploads\/2020\/06\/rocket-yard-logo-round.png\",\"contentUrl\":\"https:\/\/eshop.macsales.com\/blog\/wp-content\/uploads\/2020\/06\/rocket-yard-logo-round.png\",\"width\":1024,\"height\":1024,\"caption\":\"OWC\"},\"image\":{\"@id\":\"https:\/\/eshop.macsales.com\/blog\/#\/schema\/logo\/image\/\"}},{\"@type\":\"Person\",\"@id\":\"https:\/\/eshop.macsales.com\/blog\/#\/schema\/person\/3ba79aedbd7ad1c0c4c8a33295f0c45b\",\"name\":\"OWC Newsfeed\",\"image\":{\"@type\":\"ImageObject\",\"inLanguage\":\"en-US\",\"@id\":\"https:\/\/eshop.macsales.com\/blog\/#\/schema\/person\/image\/\",\"url\":\"https:\/\/secure.gravatar.com\/avatar\/9f1110b1b2f58a5e0ff99b6ac1cb93dbf853e7848b2c0d0855b7aa63698c9674?s=96&d=mm&r=g\",\"contentUrl\":\"https:\/\/secure.gravatar.com\/avatar\/9f1110b1b2f58a5e0ff99b6ac1cb93dbf853e7848b2c0d0855b7aa63698c9674?s=96&d=mm&r=g\",\"caption\":\"OWC Newsfeed\"},\"description\":\"The OWC Newsfeed provides the latest OWC, MacSales.com, Rocket Yard, and industry news, information, and announcements for your reading pleasure and shareability!\",\"sameAs\":[\"http:\/\/www.owc.com\",\"https:\/\/www.facebook.com\/PoweredbyOWC\/\",\"https:\/\/www.pinterest.com\/owcmacsales\/\",\"https:\/\/twitter.com\/https:\/\/twitter.com\/poweredbyOWC\",\"https:\/\/www.youtube.com\/user\/OWCmacsales?sub_confirmation=1\"],\"url\":\"https:\/\/eshop.macsales.com\/blog\/author\/owc-newsfeed\/\"}]}<\/script>\n<!-- \/ Yoast SEO Premium plugin. -->","yoast_head_json":{"title":"'AceDeceiver' Malware Infects iOS Devices by Exploiting DRM Flaws","description":"A new family of iOS malware that is able to infect non-jailbroken iOS devices without relying on an enterprise certificate has been\u00a0discovered by Palo","robots":{"index":"index","follow":"follow","max-snippet":"max-snippet:-1","max-image-preview":"max-image-preview:large","max-video-preview":"max-video-preview:-1"},"canonical":"https:\/\/eshop.macsales.com\/blog\/35515-acedeceiver-malware-infects-ios-devices-by-exploiting-drm-flaws\/","og_locale":"en_US","og_type":"article","og_title":"'AceDeceiver' Malware Infects iOS Devices by Exploiting DRM Flaws","og_description":"A new family of iOS malware that is able to infect non-jailbroken iOS devices without relying on an enterprise certificate has been\u00a0discovered by Palo","og_url":"https:\/\/eshop.macsales.com\/blog\/35515-acedeceiver-malware-infects-ios-devices-by-exploiting-drm-flaws\/","og_site_name":"Rocket Yard","article_author":"https:\/\/www.facebook.com\/PoweredbyOWC\/","article_published_time":"2016-03-16T22:36:41+00:00","article_modified_time":"2016-03-17T19:19:31+00:00","og_image":[{"width":640,"height":312,"url":"https:\/\/eshop.macsales.com\/blog\/wp-content\/uploads\/2016\/03\/AceDeceiver-1-11.png","type":"image\/png"}],"author":"OWC Newsfeed","twitter_card":"summary_large_image","twitter_creator":"@https:\/\/twitter.com\/poweredbyOWC","twitter_misc":{"Written by":"OWC Newsfeed","Est. reading time":"2 minutes"},"schema":{"@context":"https:\/\/schema.org","@graph":[{"@type":"Article","@id":"https:\/\/eshop.macsales.com\/blog\/35515-acedeceiver-malware-infects-ios-devices-by-exploiting-drm-flaws\/#article","isPartOf":{"@id":"https:\/\/eshop.macsales.com\/blog\/35515-acedeceiver-malware-infects-ios-devices-by-exploiting-drm-flaws\/"},"author":{"name":"OWC Newsfeed","@id":"https:\/\/eshop.macsales.com\/blog\/#\/schema\/person\/3ba79aedbd7ad1c0c4c8a33295f0c45b"},"headline":"‘AceDeceiver’ Malware Infects iOS Devices by Exploiting DRM Flaws","datePublished":"2016-03-16T22:36:41+00:00","dateModified":"2016-03-17T19:19:31+00:00","mainEntityOfPage":{"@id":"https:\/\/eshop.macsales.com\/blog\/35515-acedeceiver-malware-infects-ios-devices-by-exploiting-drm-flaws\/"},"wordCount":404,"commentCount":0,"publisher":{"@id":"https:\/\/eshop.macsales.com\/blog\/#organization"},"keywords":["AceDeceiver","Apple","iOS","Malware","Palo Alto Networks"],"articleSection":["Apple News"],"inLanguage":"en-US","potentialAction":[{"@type":"CommentAction","name":"Comment","target":["https:\/\/eshop.macsales.com\/blog\/35515-acedeceiver-malware-infects-ios-devices-by-exploiting-drm-flaws\/#respond"]}]},{"@type":"WebPage","@id":"https:\/\/eshop.macsales.com\/blog\/35515-acedeceiver-malware-infects-ios-devices-by-exploiting-drm-flaws\/","url":"https:\/\/eshop.macsales.com\/blog\/35515-acedeceiver-malware-infects-ios-devices-by-exploiting-drm-flaws\/","name":"'AceDeceiver' Malware Infects iOS Devices by Exploiting DRM Flaws","isPartOf":{"@id":"https:\/\/eshop.macsales.com\/blog\/#website"},"datePublished":"2016-03-16T22:36:41+00:00","dateModified":"2016-03-17T19:19:31+00:00","description":"A new family of iOS malware that is able to infect non-jailbroken iOS devices without relying on an enterprise certificate has been\u00a0discovered by Palo","breadcrumb":{"@id":"https:\/\/eshop.macsales.com\/blog\/35515-acedeceiver-malware-infects-ios-devices-by-exploiting-drm-flaws\/#breadcrumb"},"inLanguage":"en-US","potentialAction":[{"@type":"ReadAction","target":["https:\/\/eshop.macsales.com\/blog\/35515-acedeceiver-malware-infects-ios-devices-by-exploiting-drm-flaws\/"]}]},{"@type":"BreadcrumbList","@id":"https:\/\/eshop.macsales.com\/blog\/35515-acedeceiver-malware-infects-ios-devices-by-exploiting-drm-flaws\/#breadcrumb","itemListElement":[{"@type":"ListItem","position":1,"name":"Home","item":"https:\/\/eshop.macsales.com\/blog\/"},{"@type":"ListItem","position":2,"name":"‘AceDeceiver’ Malware Infects iOS Devices by Exploiting DRM Flaws"}]},{"@type":"WebSite","@id":"https:\/\/eshop.macsales.com\/blog\/#website","url":"https:\/\/eshop.macsales.com\/blog\/","name":"Rocket Yard","description":"Your source for expert tips, special deals, commentary, reviews, and the latest tech news.","publisher":{"@id":"https:\/\/eshop.macsales.com\/blog\/#organization"},"potentialAction":[{"@type":"SearchAction","target":{"@type":"EntryPoint","urlTemplate":"https:\/\/eshop.macsales.com\/blog\/?s={search_term_string}"},"query-input":"required name=search_term_string"}],"inLanguage":"en-US"},{"@type":"Organization","@id":"https:\/\/eshop.macsales.com\/blog\/#organization","name":"OWC","url":"https:\/\/eshop.macsales.com\/blog\/","logo":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/eshop.macsales.com\/blog\/#\/schema\/logo\/image\/","url":"https:\/\/eshop.macsales.com\/blog\/wp-content\/uploads\/2020\/06\/rocket-yard-logo-round.png","contentUrl":"https:\/\/eshop.macsales.com\/blog\/wp-content\/uploads\/2020\/06\/rocket-yard-logo-round.png","width":1024,"height":1024,"caption":"OWC"},"image":{"@id":"https:\/\/eshop.macsales.com\/blog\/#\/schema\/logo\/image\/"}},{"@type":"Person","@id":"https:\/\/eshop.macsales.com\/blog\/#\/schema\/person\/3ba79aedbd7ad1c0c4c8a33295f0c45b","name":"OWC Newsfeed","image":{"@type":"ImageObject","inLanguage":"en-US","@id":"https:\/\/eshop.macsales.com\/blog\/#\/schema\/person\/image\/","url":"https:\/\/secure.gravatar.com\/avatar\/9f1110b1b2f58a5e0ff99b6ac1cb93dbf853e7848b2c0d0855b7aa63698c9674?s=96&d=mm&r=g","contentUrl":"https:\/\/secure.gravatar.com\/avatar\/9f1110b1b2f58a5e0ff99b6ac1cb93dbf853e7848b2c0d0855b7aa63698c9674?s=96&d=mm&r=g","caption":"OWC Newsfeed"},"description":"The OWC Newsfeed provides the latest OWC, MacSales.com, Rocket Yard, and industry news, information, and announcements for your reading pleasure and shareability!","sameAs":["http:\/\/www.owc.com","https:\/\/www.facebook.com\/PoweredbyOWC\/","https:\/\/www.pinterest.com\/owcmacsales\/","https:\/\/twitter.com\/https:\/\/twitter.com\/poweredbyOWC","https:\/\/www.youtube.com\/user\/OWCmacsales?sub_confirmation=1"],"url":"https:\/\/eshop.macsales.com\/blog\/author\/owc-newsfeed\/"}]}},"jetpack_featured_media_url":"https:\/\/eshop.macsales.com\/blog\/wp-content\/uploads\/2016\/03\/AceDeceiver-1-11.png","jetpack_shortlink":"https:\/\/wp.me\/pmPaT-9eP","_links":{"self":[{"href":"https:\/\/eshop.macsales.com\/blog\/wp-json\/wp\/v2\/posts\/35515","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/eshop.macsales.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/eshop.macsales.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/eshop.macsales.com\/blog\/wp-json\/wp\/v2\/users\/16"}],"replies":[{"embeddable":true,"href":"https:\/\/eshop.macsales.com\/blog\/wp-json\/wp\/v2\/comments?post=35515"}],"version-history":[{"count":3,"href":"https:\/\/eshop.macsales.com\/blog\/wp-json\/wp\/v2\/posts\/35515\/revisions"}],"predecessor-version":[{"id":35520,"href":"https:\/\/eshop.macsales.com\/blog\/wp-json\/wp\/v2\/posts\/35515\/revisions\/35520"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/eshop.macsales.com\/blog\/wp-json\/wp\/v2\/media\/35517"}],"wp:attachment":[{"href":"https:\/\/eshop.macsales.com\/blog\/wp-json\/wp\/v2\/media?parent=35515"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/eshop.macsales.com\/blog\/wp-json\/wp\/v2\/categories?post=35515"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
![\"AceDeceiver-1-1\"](\"https:\/\/eshop.macsales.com\/blog\/wp-content\/uploads\/2016\/03\/AceDeceiver-1-11.png\")
<\/p>\n