Apple Responds to YiSpecter Malware, Says Fix Was Implemented in iOS 8.4

[MacRumors]

Over the weekend, security site Palo Alto Networks detailed a new iOS malware that's able to infect non-jailbroken Apple devices using enterprise certificates and private APIs. It originated in Taiwan and China and was installed through several methods, including hijacking traffic from ISPs, an SNS worm on Windows, and offline app installation.

Called YiSpecter, the malware is able to download, install, and launch apps, doing things like replacing existing apps, displaying advertisements in legitimate apps, changing Safari's default engine, and uploading user information to remote servers.

A popup ad that was able to install YiSpecter on iOS devices​

In response to the detailing of YiSpecter, Apple has released an official statement to The Loop explaining that YiSpecter is only able to target iOS users who are running an older version of iOS that have also downloaded content from untrusted sources.

"This issue only impacts users on older versions of iOS who have also downloaded malware from untrusted sources. We addressed this specific issue in iOS 8.4 and we have also blocked the identified apps that distribute this malware. We encourage customers to stay current with the latest version of iOS for the latest security updates. We also encourage them to only download from trusted sources like the App Store and pay attention to any warnings as they download apps."

Apple implemented fixes for YiSpecter in iOS 8.4, so iOS 8.4.1 and iOS 9 are immune to the malware. Users who want to avoid being targeted by YiSpecter should make sure to upgrade to the latest version of iOS and as always, should avoid downloading apps from unverified sources.

Article Link: Apple Responds to YiSpecter Malware, Says Fix Was Implemented in iOS 8.4

 

[Kaibelf]

Cue the people who claim that Apple is "forcing them to upgrade" by patching things in new software and who are complaining because they can't seem to get over using iOS6.

 

[bbbb4b]

"Apple implemented fixes for YiSpecter in iOS 8.4, so iOS 8.4.1 and iOS 9 are immune to the malware."
Macrumors:
You need to fix this. Not only is it a run-on sentence, I can't tell if fix was in 8.4 or 8.4.1

 

[gsmornot]

"Apple implemented fixes for YiSpecter in iOS 8.4, so iOS 8.4.1 and iOS 9 are immune to the malware."
Macrumors:
You need to fix this. Not only is it a run-on sentence, I can't tell if fix was in 8.4 or 8.4.1

The fix is in 8.4. If you have 8.4.1 or 9 you will also have the fix already.

 

[Rogifan]

Why does it seem like all this malware stuff is either happening via jailbroken devices or people installing things outside the AppStore from untrustworthy sources? Has there been a case of someone outside of China getting malware via an app downloaded from the AppStore?

 

[gsmornot]

Why does it seem like all this malware stuff is either happening via jailbroken devices or people installing things outside the AppStore from untrustworthy sources? Has there been a case of someone outside of China getting malware via an app downloaded from the AppStore?

Yes. Recently bad xcode was included in app builds that passed the app store filters. It was discovered and the apps have been removed but a few were popular apps. Not sure anything happened because of it but the bad code was there for legitimate downloads. Look for xcodeghost. https://www.macrumors.com/2015/09/20/xcodeghost-chinese-malware-faq/

 

[cortz]

You mean the < 8% of people still on iOS7?

 

[deviant]

You mean the < 8% of people still on iOS7?

exactly. 8% is still literally tens of millions of users. you can just close your eyes and pretend they aren't there, or that it's only 8%, but they are there.

 

[Max(IT)]

One of the good reasons to always install the latest iOS update

Yes. Recently bad xcode was included in app builds that passed the app store filters. It was discovered and the apps have been removed but a few were popular apps. Not sure anything happened because of it but the bad code was there for legitimate downloads. Look for xcodeghost. https://www.macrumors.com/2015/09/20/xcodeghost-chinese-malware-faq/

It was only in the Chinese App Store

 

[Iconoclysm]

exactly. 8% is still literally tens of millions of users. you can just close your eyes and pretend they aren't there, or that it's only 8%, but they are there.

Meanwhile, Android and Windows Phone have left phones just a year old with no further patches...forever.

 

[inkswamp]

exactly. 8% is still literally tens of millions of users. you can just close your eyes and pretend they aren't there, or that it's only 8%, but they are there.

You mean the tiny subset of that 8% that also downloaded from untrusted sources.

See, you're exaggerating and overreacting. That 8%, millions of people or not, doesn't constitute an epidemic. Apple has to have a threshold below which they no longer issue security fixes. I think letting iOS 7 go is completely reasonable, especially since the upgrades are free and brain-dead easy to install.

 

[SlipperySlop]

Cue the people who claim that Apple is "forcing them to upgrade" by patching things in new software and who are complaining because they can't seem to get over using iOS6.

All you are really doing is encouraging them to do so.

"Apple implemented fixes for YiSpecter in iOS 8.4, so iOS 8.4.1 and iOS 9 are immune to the malware."
Macrumors:
You need to fix this. Not only is it a run-on sentence, I can't tell if fix was in 8.4 or 8.4.1

The sentence isn't perfect, but it gets the point across and there really isn't ambiguity if you think about it just a bit.

 

[Max(IT)]

Meanwhile, Android and Windows Phone have left phones just a year old with no further patches...forever.

Well, actually Microsoft support old devices the same way Apple does.... Windows 8.1 was available even for very old devices, and Windows 10 will be available for many...

 

[Noble Actual]

Easy solution is just not go on Chinese site and/or apps.

Keep on telling people I know not to use we chat but so many people do.

 

[btrach144]

Cue the people who claim that Apple is "forcing them to upgrade" by patching things in new software and who are complaining because they can't seem to get over using iOS6.

I never leaving iOS 6.1.6!!!!!!!!!!!!!!!!!!!!!!!!1

 

[Xenomorph]

Does this affect iOS 7, iOS 6, iOS 5, iOS 4, or iOS 3?

Lots of iOS devices cannot upgrade past those.

 

[btrach144]

***

 

[btrach144]

Does this affect iOS 7, iOS 6, iOS 5, iOS 4, or iOS 3?

Lots of iOS devices cannot upgrade past those.

Straight from the article, "Apple implemented fixes for YiSpecter in iOS 8.4, so iOS 8.4.1 and iOS 9 are immune to the malware."

 

[Skoal]

There are millions of people on iOS that no doubt don't consistently update because "it might mess my phone up"!

 

[Rogifan]

Does this affect iOS 7, iOS 6, iOS 5, iOS 4, or iOS 3?

Lots of iOS devices cannot upgrade past those.

How many of those people are downloading from untrusted sources or are in China? My guesses people using devices with iOS 6 and older software aren't downloading much of anything these days.

 

[brand]

There are millions of people on iOS that no doubt don't consistently update because "it might mess my phone up"!

Do you have a source for that? I thought not.

I am not saying that you are right or wrong just that you made up that number.

 

[lkrupp]

There are millions of people on iOS that no doubt don't consistently update because "it might mess my phone up"!

Which is precisely why automatic updates should be forced down their throats whether they want them or not. Or at the very least they should be required to release Apple from all liability if they choose not to update their devices.

 

[AngerDanger]

"Apple implemented fixes for YiSpecter in iOS 8.4, so iOS 8.4.1 and iOS 9 are immune to the malware."
Macrumors:
You need to fix this. Not only is it a run-on sentence, I can't tell if fix was in 8.4 or 8.4.1

Actually, it's not; it's a compound sentence. Compound sentences are made out of two independent clauses (e.g. "Apple implemented fixes for YiSpecter in iOS 8.4" and "iOS 8.4.1 and iOS 9 are immune to the malware"). Between the two clauses, the coordinating conjunction "so" is inserted. As the first clause clearly states, the fix was implemented in iOS 8.4.

 

[MrNomNoms]

Does this affect iOS 7, iOS 6, iOS 5, iOS 4, or iOS 3?

Lots of iOS devices cannot upgrade past those.

iPhone 4 is over 5 years old (which is the latest oldest iPhone unsupported) - if you cannot upgrade a phone that is 5 years old to something newer (if you you put $10 each week for 5 years you could purchase two top of the line iPhone 6 phones today - off contract). At some point you have to have a cut off point to stop providing updates and I don't think it is untoward cutting off support for a device that is 5 years old.

 

[HenryDJP]

MacRumors has become the go to spot for Language and Literature experts....