Its approach Apple Lossless Audio CODEC (ALAC), for the latest threats leaves businesses vulnerable to new variants of exploits that use the malware WireLurker and Masque, a security firm claims.
According to her publication Marble Security, while Apple has taken steps to prevent WireLurker malware, in no case can these measures prevent future versions of malware. Remember that WireLurker malware used various certificates to infect systems. Also, according to Marble Security, Apple does not protect iPhone and iPad users who sync their devices to Windows PCs.
"Apple's response to the WireLurker and Masque attacks shows that iOS is entering a period of malware defense similar to that used by computers over the past decade," said Dave Jevans, founder and CEO of Marble Security. "We need a dynamic, non-reactive approach to preventing these iOS vulnerabilities, as exploiting them can affect business networks and device security applications."
According to Apple, the attack Masque was only a threat to users who had disabled Apple security checks, rather forgetting that the malware displayed a dialog box asking the user if they trusted the app's certificate. If a user clicked “Yes”, then the iOS device would be infected with malicious apps.
This is not a bug, but a way that applications use it installation their. Now that it has already been used as an attack, it is very likely to be used again and again.
"The underground cybercrime scene has already begun to exploit mobile devices, and will intensify their attacks targeting business employees. "Dynamic malware protection is more necessary than ever for mobile users - even those using iOS," said Jevans.
You can download the survey from the link below (PDF)