Its approach Apple Lossless Audio CODEC (ALAC), for the latest threats leaves businesses vulnerable to new variants of exploits who use it malware WireLurker and Masque, a security firm claims.
According to her publication Marble Security, while Apple has taken steps to block the WireLurker malware, in no way can those steps prevent future versions of the malware. Recall that the WireLurker malware used various certificates to manage to infect systems. Also, according to Marble Security, Apple doesn't protect iPhone and iPad users who sync them Appliances them on Windows PCs.
"Apple's responses to the WireLurker and Masque attacks show that iOS is entering the era of a malware defense similar to what computers have been using for the past decade," said Dave Jevans, founder and CEO of Marble Security. "It needs a dynamic and not a reactive approach to it prevention of these iOS vulnerabilities, as if exploited they can affect business networks, and device security applications.”
According to Apple, the Masque attack was just a threat to users who had disabled Apple security checks, rather forgetting that the malware had a dialog box asking the user if they trusted the application's certificate. If a user clicked "Yes", then the iOS device would have been infected with malware.
This is not a bug, but a way that applications use to install them. Now that it has already been used as an attack, it is very likely to be used again and again.
"The underground cybercrime scene has already begun to exploit mobile devices, and will intensify their attacks targeting business employees. "Dynamic malware protection is more necessary than ever for mobile users - even those using iOS," said Jevans.
You can download the survey from the link below (PDF)