Two main weakness that allow circumvention of apple’s security measures

Attackers can compromise your iPhone through chargers and apps


Researchers from the Georgia Tech Information Security Center (GTISC) have discovered two security weaknesses that permit installation of malware onto Apple mobile devices mainly iPhone using seemingly innocuous applications and peripherals, uncovering significant security threats to the iOS platform.

Apple’s security measures used a mandatory app review process to ensure that only approved apps can run on ios devices which gives more safety to users when using ios app. But now scientist discovered two weakness that allow  circumvention of apple’s security measures

Research scientist Tielei Wang and Billy Lau learned Malware can be installed onto ios devices via Trojan Horse-style applications and peripherals.Their experimental approach hides malicious code that would otherwise get rejected during the apple review process. Wang’s team developed a proof-of-concept attack,  called Jekyll,this new functionality can easily skip the apple’s normal approval process This allows the malicious aspects of the app to remain undetected 

“We were able to successfully publish a malicious app and use it to remotely launch attacks on a controlled group of devices,” said Wang. “Our research shows that despite running inside the iOS sandbox, a Jekyll-based app can successfully perform many malicious tasks, such as posting tweets, taking photos, sending email and SMS, and even attacking other apps – all without the user’s knowledge.”

With an another experiment they built a  malicious charger using a small, inexpensive single-board computer. Called Mactans, it can easily be constructed to resemble a normal iPhone or iPad charger. However, once plugged into an iOS device, Mactans secretly installs a malicious app.“Despite the plethora of defense mechanisms in iOS, Mactans was able to install arbitrary apps within one minute of being plugged into current-generation Apple devices running the latest operating system software,” said Lau. “All users are affected, as our approach requires neither a jailbroken device nor user interaction.”

The researchers are very happy because apple respond very positively for this new discoveries.and bbc reported  that they are planning to make an update for recovering this new two vulnerabilities