As detailed here, http://appleinsider.com/articles/15/09/24/apple-lists-top-25-apps-affected-by-xcodeghost-malware-infiltration, a group of iOS apps have been published to the app store with malware.
The concern here is whether causation versus correlation is at play here, as many of these apps were for the Chinese market.
Did the malware exploit a more forgiving vetting process from Apple due to complexities with encoding for Mandarin and / or Cantonese? Or, is it a more general issue regarding the vetting of apps for the Asian market?
Regardless, Apple products are no longer under the radar for security concerns, and we should act appropriately.
Thursday, September 24, 2015
Monday, May 4, 2015
AFNetworking, Certs & MITM
Though Apple's iOS AFNetworking vulnerability is several weeks old, I am reminded of the need for IT professionals to constantly be intellectually curious. To clarify, it never hurts to stay current on crypto libraries & CA logistics even if these are outsourced.
Furthermore, it remains necessary for InfoSec/AppSec professionals to stay slightly paranoid about exploits via threat modelling, etc. Years after, the industry is still challenged by MITM exploits/vulnerabilities.
Furthermore, it remains necessary for InfoSec/AppSec professionals to stay slightly paranoid about exploits via threat modelling, etc. Years after, the industry is still challenged by MITM exploits/vulnerabilities.
Subscribe to:
Posts (Atom)