Apple has acknowledged the YiSpecter malware that affects even non-jailbroken iPhones, and assures users that devices running versions newer than iOS 8.4 are not affected. Apart from a specific fix issued with the OS version, the company also said that it has blocked the apps that distributed the malware.
Over the weekend, security firm Palo Alto Networks reported on YiSpecter, a malware that was able to infect both jailbroken and non-jailbroken iOS devices. It did so by using enterprise certificates and abusing private APIs. The malware, as the firm reported, was affecting only users in Taiwan and China.
In a statement to technology blog The Loop, Apple acknowledged the existence of YiSpecter, and noted the steps it took to combat it. “This issue only impacts users on older versions of iOS who have also downloaded malware from untrusted sources. We addressed this specific issue in iOS 8.4 and we have also blocked the identified apps that distribute this malware,” the company said.
“We encourage customers to stay current with the latest version of iOS for the latest security updates. We also encourage them to only download from trusted sources like the App Store and pay attention to any warnings as they download apps.”
Palo Alto Networks reported that once a device is infected, the malware can launch arbitrary iOS apps, replace existing apps with malicious counterparts, and force ads as well. It was also able to change bookmarks and modify the search engine in Safari. The firm added that removing the malware was very difficult because it keeps reappearing.
Apple hasn’t disclosed the number of devices that are affected by YiSpecter, or publicly offered a patch to remove the malware. The company most recently came under fire for the first major App Store attack, which saw hundreds of legitimate apps in the Chinese App Store embedded with the malicious program XcodeGhost. The company had at the time also cleaned the store of the offending apps.