Apple's 'whack-a-mole' approach to security threats is leaving enterprises vulnerable to new variants of exploits underlying the WireLurker and Masque Attack malware, claims a security firm.
According to a report by Marble Security, while Apple has taken steps to block WireLurker, this in no way prevents future versions of this malware from infecting computers by using different enterprise certificates or new versions of the WireLurker. It also doesn't protect iPhone and iPad users who sync to Windows PCs.
"Apple's responses to the WireLurker and Masque Attack operations illustrate that iOS is entering the 'whack-a-mole' era of malware defense, similar to that experienced during the last decade with PCs," said Dave Jevans, founder and chief technology officer at Marble Security. "Being proactive rather than reactive is essential in preventing these iOS vulnerabilities and exploits from affecting enterprise networks, and implementing mobile device security solutions is a huge step in achieving this."
12 essential Microsoft business apps for the iPhone
As part of Microsoft's "mobile first, cloud first" mission, it has built up a large portfolio of consumer and business apps on every platform. In this roundup, I look at a dozen iOS apps that help IT pros and power users stay productive with an iPhone and Microsoft services.
According to Apple, Masque Attack was only a threat to users who had disabled Apple's own security controls, but this is little more than a dialog box that asks a user if they want to trust an enterprise provisioning certificate. If a user clicks "Yes," then the iOS device can have malicious apps installed.
This isn't a bug, but instead a way for enterprises to push proprietary apps to devices. However, now that it has been used as an attack vector once, it is likely to be used again.
According to the report, almost every major corporate security breach over the past three years has been the result of spear-phishing attacks against targeted employees or consultants, and mobile attacks are now the fastest growing category of threats.
"The electronic crime underground has already begun exploiting mobile devices, and it will only intensify attacks on employees, making dynamic protection against malicious apps more critical than ever for mobile users -- even those with iOS," said Jevans.
See also:
Topics: Mobility, Apple, iPad, iPhone
Adrian Kingsley-Hughes is an internationally published technology author who has devoted over a decade to helping users get the most from technology -- whether that be by learning to program, building a PC from a pile of parts, or helping them get the most from their new MP3 player or digital camera.Adrian has authored/co-authored technic... Full Bio
zdnet_core.socialButton.googleLabel Follow @@the_pc_doc Contact Disclosure All opinions expressed on Hardware 2.0 are those of Adrian Kingsley-Hughes. Every effort is made to ensure that the information posted is accurate. If you have any comments, queries or corrections, please contact Adrian via the email link here. Any possible conflicts of interest will be posted below. [Updated: February 23, 2010] - Adrian Kingsley-Hughes has no business relationships, affiliations, investments, or other actual/potential conflicts of interest relating to the content posted so far on this blog. Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.
No comments:
Post a Comment