A rising number of threat actors have begun developing malware for Apple devices running Mac OS X and iOS. While threats remain lower than for Windows and Android, malware targeting Apple systems has grown steadily in recent years. Security researchers have uncovered vulnerabilities in Apple software, and zero-day brokers now offer bounties for Apple exploits. As Apple's popularity increases, malware for its platforms will likely continue to rise unless users take precautions to secure their devices.
Study of similiarities and difference between android and ios system archiitecture in operating system perspective like thread management process management memory management etc more technical details
This document discusses and compares the mobile operating systems Android and iOS. It begins with introductions to mobile operating systems in general and highlights Android and iOS specifically. It then analyzes the software architectures and security of each, noting Android is more vulnerable due to fragmentation and fewer security updates. Possible solutions to threats are outlined, and the document concludes that iOS is more secure due to timely updates, centralized management, and stronger access controls.
To some extent comparing Android and Apple in this regard is misleading. Android OS is software, designed to run on a multitude of compliant, but separate, hardware. iOS is both the software and the hardware of the iPhone. The two are inseparable. This difference cannot be overstated and its ramifications are what truly separates Apple from other computer corporations, for better and worse.
The Android vs. Apple iOS Security Showdown Tom Eston
Android and Apple mobile devices have taken the market by storm. Not only are they being used by consumers but they are now being used for critical functions in businesses, hospitals, government and more. This trend is expected to continue with the popularity of mobile devices such as tablets well into the future. In this presentation we put Android up against Apple iOS to determine which, if any, are ready for enterprise or federal use. Once and for all we battle the Apple App Store vs. Google Play, device updates, developer controls, security features and the current slew of vulnerabilities for both devices. Which platform will emerge the victor? You might find that while the "tech is hot" the implementation and built in security controls are "not".
This document provides an overview of the iOS architecture and file system. It discusses that iOS was originally developed for the iPhone but can support other Apple devices. The file system handles persistent storage and is based on the Unix file system. The iOS architecture has four main layers - the Core OS layer, Core Services layer, Media layer, and Cocoa Touch layer. Each layer provides different fundamental services with the Core OS layer being the lowest level. The document also explains that each iOS app is isolated to its own sandbox directory and has limited access to files outside of this directory.
iOS is Apple's mobile operating system that runs on the iPhone, iPad, and iPod touch. It uses a graphical user interface designed for touchscreen input. While providing a basic interface, each new version of iOS adds more features such as support for third-party apps, copy/paste functionality, and Siri. iOS powers portable devices through frameworks for building apps, multimedia, and low-level system functions. It provides technologies for graphics, audio/video, text handling, imaging, and accessing a user's media through layers of abstraction.
Which Mobile OS is the Most Secure; Apple, Android or Windows? [Updated 2016-...hlittle
Our SlideShare from February, 2016 updated for new advancements and operating system releases. Learn which Mobile OS is the most secure; Apple, Android or Windows.
With the growing popularity of Bring Your Own Device (BYOD) and similar company-wide policies integrating mobile devices into the work day, a question arises about security. Often times, these devices are collecting confidential and sometimes sensitive information, especially when the data being collected involves compliance and regulatory measures.
If you are looking to implement a new solution that includes a mobile application, it’s important to know the security features of each mobile operating system and how to further protect your privacy.
Study of similiarities and difference between android and ios system archiitecture in operating system perspective like thread management process management memory management etc more technical details
This document discusses and compares the mobile operating systems Android and iOS. It begins with introductions to mobile operating systems in general and highlights Android and iOS specifically. It then analyzes the software architectures and security of each, noting Android is more vulnerable due to fragmentation and fewer security updates. Possible solutions to threats are outlined, and the document concludes that iOS is more secure due to timely updates, centralized management, and stronger access controls.
To some extent comparing Android and Apple in this regard is misleading. Android OS is software, designed to run on a multitude of compliant, but separate, hardware. iOS is both the software and the hardware of the iPhone. The two are inseparable. This difference cannot be overstated and its ramifications are what truly separates Apple from other computer corporations, for better and worse.
The Android vs. Apple iOS Security Showdown Tom Eston
Android and Apple mobile devices have taken the market by storm. Not only are they being used by consumers but they are now being used for critical functions in businesses, hospitals, government and more. This trend is expected to continue with the popularity of mobile devices such as tablets well into the future. In this presentation we put Android up against Apple iOS to determine which, if any, are ready for enterprise or federal use. Once and for all we battle the Apple App Store vs. Google Play, device updates, developer controls, security features and the current slew of vulnerabilities for both devices. Which platform will emerge the victor? You might find that while the "tech is hot" the implementation and built in security controls are "not".
This document provides an overview of the iOS architecture and file system. It discusses that iOS was originally developed for the iPhone but can support other Apple devices. The file system handles persistent storage and is based on the Unix file system. The iOS architecture has four main layers - the Core OS layer, Core Services layer, Media layer, and Cocoa Touch layer. Each layer provides different fundamental services with the Core OS layer being the lowest level. The document also explains that each iOS app is isolated to its own sandbox directory and has limited access to files outside of this directory.
iOS is Apple's mobile operating system that runs on the iPhone, iPad, and iPod touch. It uses a graphical user interface designed for touchscreen input. While providing a basic interface, each new version of iOS adds more features such as support for third-party apps, copy/paste functionality, and Siri. iOS powers portable devices through frameworks for building apps, multimedia, and low-level system functions. It provides technologies for graphics, audio/video, text handling, imaging, and accessing a user's media through layers of abstraction.
Which Mobile OS is the Most Secure; Apple, Android or Windows? [Updated 2016-...hlittle
Our SlideShare from February, 2016 updated for new advancements and operating system releases. Learn which Mobile OS is the most secure; Apple, Android or Windows.
With the growing popularity of Bring Your Own Device (BYOD) and similar company-wide policies integrating mobile devices into the work day, a question arises about security. Often times, these devices are collecting confidential and sometimes sensitive information, especially when the data being collected involves compliance and regulatory measures.
If you are looking to implement a new solution that includes a mobile application, it’s important to know the security features of each mobile operating system and how to further protect your privacy.
The document discusses and compares key differences between the Android and iOS operating systems and platforms. It covers differences in customization, interfaces, hardware, app development processes, app stores, and other factors. The main points of comparison include customization options, types of devices, OS updates, app approval times, developer account costs, security provisions, and available apps between the two platforms.
Simple and Detail information about the competition between android and iOS. You can get the latest data in this presentation, the current scenario of two major operating system. This presentation is about operating system not mobile phone.
If query you can mail me at abhizala@hotmail.com
Jailbreaking allows iPhone, iPad, and iPod Touch users to run unauthorized third-party software and customize their devices beyond Apple's limitations. The jailbreaking process involves unlocking the operating system to grant root access. Once jailbroken, users can download apps from Cydia and modify features like installing WiFi hotspots, using FaceTime over cellular networks, blocking calls and texts, and customizing home screens and lock screens. While jailbreaking is legal in the US, it voids the device warranty and carries small risks like potential lag, viruses, or incompatible apps.
The document provides an overview of the iOS operating system including:
- iOS was originally released in 2007 for the iPhone, iPod Touch, and Apple TV. It is derived from OS X.
- Features of iOS include security, multitasking, gestures, apps like iBooks and iTunes, and integration with Apple hardware.
- iOS is used on Apple devices and developed using Swift programming language.
This document discusses various aspects of securing Android development including permissions, encryption, API management, and more. It addresses securing the USB, screen, clipboard, and databases. It recommends using Android NDK for cryptography to make analysis harder. API access should use randomly generated access tokens that are tied to the user ID and hardware ID and refreshed periodically. Encryption should be done with keys derived from random, hardware ID, and user-provided values.
This document summarizes a presentation on hijacking attacks on Android devices. It discusses various types of attacks such as visual spoofing, UI redressing through techniques like clickjacking and tapjacking, and the Chrome to Phone attack. It provides examples of these attacks and outlines some countermeasures to help protect against them, such as frame busters and setting filters to block obscured touch gestures. The presentation concludes by noting that UI redressing and clickjacking attacks pose serious dangers, and that more attacks are likely to emerge in the future.
Apple's implementation of TestFlight has a number of advantages. You no longer have to create a provisioning profile for ad hoc distribution, which also means that you don't need to specify which devices are allowed to run the test builds. To add testers, you mark team members as internal testers in iTunes Connect or invite external testers via email. Testers receive a TestFlight invitation to install the test build on their device from the native TestFlight app.
The document discusses mobile security and vulnerabilities. It begins with an introduction of the speaker, Dr. Ir. Stefaan Seys, and the agenda. It then covers topics like the relative security of Android, iOS, and Windows mobile platforms. Specific issues discussed include Android's challenges with updates, data storage vulnerabilities, jailbreaking/rooting risks, and threats involving insufficient transport layer protection and insecure data storage. Examples of past mobile vulnerabilities like Stagefright are provided.
This document provides an overview of iOS, Apple's mobile operating system. It discusses iOS's history from its introduction in 2007 with the iPhone 2G to the latest iOS 7 version. The document also describes iOS's core technologies including the OS layer, services layer, media layer and Cocoa Touch layer. Finally, it lists popular Apple products that run iOS like the iPhone, iPad and iPod touch as well as some commonly used iOS apps.
These slides were presented at GDG MeetUp in Bangalore which was held on 21st September 2013. Uploading the slides to help the people who wanted the slide Deck
iOS is a mobile operating system created by Apple that originally launched on the iPhone in 2007. It has since expanded to support iPod touch, iPad, and Apple TV devices. The operating system is updated annually and has added many new features over time, such as app store functionality, Siri voice assistant, iCloud services, and more. Applications available on iOS include native apps designed specifically for the platform, hybrid apps that are web-based but wrapped in a native container, and web apps that run within a mobile browser. Popular app categories include games, social media, productivity, entertainment, and more.
Android phones are vulnerable to threats like trojans, malware, and SMS scams since they have replaced PCs for many users. Apps can be installed from official stores like Google Play, third party app stores, or by sideloading APK files from other devices. To protect Android devices, users should install and regularly update antivirus software, run weekly security scans, avoid installing untrusted apps, and delete banking/OTP SMS messages promptly.
This document provides a checklist for hardening an Android device with various security settings and recommendations. It suggests forgetting unused Wi-Fi networks, turning off location services and Bluetooth when not in use, limiting saved SMS/MMS messages, updating to the latest OS version, and not rooting or installing apps from untrusted sources. It also recommends enabling encryption, auto-lock, and the Android Device Manager for remote wiping a lost device. Additional security measures mentioned include disabling network notifications and form auto-fill, and showing security warnings for visited sites.
Evolution of Android Operating System and it’s Versionsijtsrd
Android is a software stack for mobile devices that includes an operating system, middleware and key applications. It can be considered as a software platform as well as an operating system for mobile devices based on the Linux operating system and currently developed by Google. It is designed primarily for touch screens mobile devices such as smartphones and tablet computers. One of the most widely used mobile OS these days is android. It is free and open source software its source code is known as Android Open Source Project AOSP , which is primarily licensed under the Apache License. This Paper Contains android architecture consists of key applications, Application framework, Native libraries, Android runtime, DVM, Linux Kernal., Many versions of Android Operating System are KitKat, JellyBean, Honeycomb, Froyo etc… Advantages and Disadvantages of Android and also the conclusion. Aishwarya Gujar | Prof. Pratibha Adkar "Evolution of Android Operating System and it’s Versions" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-4 , June 2021, URL: https://www.ijtsrd.compapers/ijtsrd42519.pdf Paper URL: https://www.ijtsrd.comengineering/computer-engineering/42519/evolution-of-android-operating-system-and-it’s-versions/aishwarya-gujar
presentation on ANDROID by VIVEK GAUTAMVivek Gautam
Android is an operating system designed primarily for touch screen mobile devices such as smart phones and tablet computers, developed by Google in conjunction with the Open Handset Alliance.
There are 14 Shopping/Patching Days remaining until Christmas and only one more Patch Tuesday before Windows 7 and Server 2008/2008 R2 reach their inevitable end of support, unless you're among the 59% of IT professionals who still don’t have all of their users on Windows 10. Also make sure you update your Acrobat, Acrobat Reader, and Chrome versions as there are 21 CVEs in the Adobe release and 51 CVEs in Google’s releases this month.
Android is an open source operating system used primarily for smartphones and tablets. It was developed by Android Inc. which was later acquired by Google. Some key points about Android include:
- It is based on the Linux kernel and allows developers to write code using Java.
- It powers over 1 billion devices worldwide and has gone through numerous version updates over the years.
- Android is used not just for phones and tablets but also for devices like TVs, watches, microwaves and more, allowing for a variety of form factors.
- It provides features like multitasking, notifications and access to the Google Play store for apps.
This document provides an overview of the iOS operating system, including its version history, key features, and the App Store. It discusses the 5 major releases of iOS and how each introduced new capabilities. Some striking features highlighted are Notifications, Gestures, Location Services, Maps, and Bluetooth Services. The document also mentions iCloud and Game Center as part of the iOS ecosystem. It poses some general questions about iOS and provides an example proof of concept for how location-based features could be implemented.
«Инфосистемы Джет» оценила годовые потери российского бизнеса от мошенничестваAndrey Apuhtin
«Инфосистемы Джет» оценила годовые потери российского бизнеса от мошенничества. в период с 2014 по 2015 г. для кредитно-финансовой отрасли в совокупности данный показатель увеличился на 26,8%, что в рублевом эквиваленте превышает 8,9 млрд руб.;
в телекоммуникационном секторе по итогам 2015 г. наблюдается более умеренный рост потерь от мошеннических действий – 6,8% (более 21,75 млрд руб.);
Covert communication in mobile applicationsAndrey Apuhtin
This document describes a study on covert communication in mobile applications. The study found that 63% of external communication made by top popular free Android apps had no effect on user-observable app functionality. The study also developed a static analysis technique to detect covert communication. The technique achieved 93% precision and 61% recall compared to a dynamic analysis ground truth. When applied to additional apps, the technique identified covert connections that could be disabled with little to no impact on user experience in most cases. The document concludes covert communication is common in mobile apps and the static technique is effective for identifying and disabling unnecessary connections.
The document discusses and compares key differences between the Android and iOS operating systems and platforms. It covers differences in customization, interfaces, hardware, app development processes, app stores, and other factors. The main points of comparison include customization options, types of devices, OS updates, app approval times, developer account costs, security provisions, and available apps between the two platforms.
Simple and Detail information about the competition between android and iOS. You can get the latest data in this presentation, the current scenario of two major operating system. This presentation is about operating system not mobile phone.
If query you can mail me at abhizala@hotmail.com
Jailbreaking allows iPhone, iPad, and iPod Touch users to run unauthorized third-party software and customize their devices beyond Apple's limitations. The jailbreaking process involves unlocking the operating system to grant root access. Once jailbroken, users can download apps from Cydia and modify features like installing WiFi hotspots, using FaceTime over cellular networks, blocking calls and texts, and customizing home screens and lock screens. While jailbreaking is legal in the US, it voids the device warranty and carries small risks like potential lag, viruses, or incompatible apps.
The document provides an overview of the iOS operating system including:
- iOS was originally released in 2007 for the iPhone, iPod Touch, and Apple TV. It is derived from OS X.
- Features of iOS include security, multitasking, gestures, apps like iBooks and iTunes, and integration with Apple hardware.
- iOS is used on Apple devices and developed using Swift programming language.
This document discusses various aspects of securing Android development including permissions, encryption, API management, and more. It addresses securing the USB, screen, clipboard, and databases. It recommends using Android NDK for cryptography to make analysis harder. API access should use randomly generated access tokens that are tied to the user ID and hardware ID and refreshed periodically. Encryption should be done with keys derived from random, hardware ID, and user-provided values.
This document summarizes a presentation on hijacking attacks on Android devices. It discusses various types of attacks such as visual spoofing, UI redressing through techniques like clickjacking and tapjacking, and the Chrome to Phone attack. It provides examples of these attacks and outlines some countermeasures to help protect against them, such as frame busters and setting filters to block obscured touch gestures. The presentation concludes by noting that UI redressing and clickjacking attacks pose serious dangers, and that more attacks are likely to emerge in the future.
Apple's implementation of TestFlight has a number of advantages. You no longer have to create a provisioning profile for ad hoc distribution, which also means that you don't need to specify which devices are allowed to run the test builds. To add testers, you mark team members as internal testers in iTunes Connect or invite external testers via email. Testers receive a TestFlight invitation to install the test build on their device from the native TestFlight app.
The document discusses mobile security and vulnerabilities. It begins with an introduction of the speaker, Dr. Ir. Stefaan Seys, and the agenda. It then covers topics like the relative security of Android, iOS, and Windows mobile platforms. Specific issues discussed include Android's challenges with updates, data storage vulnerabilities, jailbreaking/rooting risks, and threats involving insufficient transport layer protection and insecure data storage. Examples of past mobile vulnerabilities like Stagefright are provided.
This document provides an overview of iOS, Apple's mobile operating system. It discusses iOS's history from its introduction in 2007 with the iPhone 2G to the latest iOS 7 version. The document also describes iOS's core technologies including the OS layer, services layer, media layer and Cocoa Touch layer. Finally, it lists popular Apple products that run iOS like the iPhone, iPad and iPod touch as well as some commonly used iOS apps.
These slides were presented at GDG MeetUp in Bangalore which was held on 21st September 2013. Uploading the slides to help the people who wanted the slide Deck
iOS is a mobile operating system created by Apple that originally launched on the iPhone in 2007. It has since expanded to support iPod touch, iPad, and Apple TV devices. The operating system is updated annually and has added many new features over time, such as app store functionality, Siri voice assistant, iCloud services, and more. Applications available on iOS include native apps designed specifically for the platform, hybrid apps that are web-based but wrapped in a native container, and web apps that run within a mobile browser. Popular app categories include games, social media, productivity, entertainment, and more.
Android phones are vulnerable to threats like trojans, malware, and SMS scams since they have replaced PCs for many users. Apps can be installed from official stores like Google Play, third party app stores, or by sideloading APK files from other devices. To protect Android devices, users should install and regularly update antivirus software, run weekly security scans, avoid installing untrusted apps, and delete banking/OTP SMS messages promptly.
This document provides a checklist for hardening an Android device with various security settings and recommendations. It suggests forgetting unused Wi-Fi networks, turning off location services and Bluetooth when not in use, limiting saved SMS/MMS messages, updating to the latest OS version, and not rooting or installing apps from untrusted sources. It also recommends enabling encryption, auto-lock, and the Android Device Manager for remote wiping a lost device. Additional security measures mentioned include disabling network notifications and form auto-fill, and showing security warnings for visited sites.
Evolution of Android Operating System and it’s Versionsijtsrd
Android is a software stack for mobile devices that includes an operating system, middleware and key applications. It can be considered as a software platform as well as an operating system for mobile devices based on the Linux operating system and currently developed by Google. It is designed primarily for touch screens mobile devices such as smartphones and tablet computers. One of the most widely used mobile OS these days is android. It is free and open source software its source code is known as Android Open Source Project AOSP , which is primarily licensed under the Apache License. This Paper Contains android architecture consists of key applications, Application framework, Native libraries, Android runtime, DVM, Linux Kernal., Many versions of Android Operating System are KitKat, JellyBean, Honeycomb, Froyo etc… Advantages and Disadvantages of Android and also the conclusion. Aishwarya Gujar | Prof. Pratibha Adkar "Evolution of Android Operating System and it’s Versions" Published in International Journal of Trend in Scientific Research and Development (ijtsrd), ISSN: 2456-6470, Volume-5 | Issue-4 , June 2021, URL: https://www.ijtsrd.compapers/ijtsrd42519.pdf Paper URL: https://www.ijtsrd.comengineering/computer-engineering/42519/evolution-of-android-operating-system-and-it’s-versions/aishwarya-gujar
presentation on ANDROID by VIVEK GAUTAMVivek Gautam
Android is an operating system designed primarily for touch screen mobile devices such as smart phones and tablet computers, developed by Google in conjunction with the Open Handset Alliance.
There are 14 Shopping/Patching Days remaining until Christmas and only one more Patch Tuesday before Windows 7 and Server 2008/2008 R2 reach their inevitable end of support, unless you're among the 59% of IT professionals who still don’t have all of their users on Windows 10. Also make sure you update your Acrobat, Acrobat Reader, and Chrome versions as there are 21 CVEs in the Adobe release and 51 CVEs in Google’s releases this month.
Android is an open source operating system used primarily for smartphones and tablets. It was developed by Android Inc. which was later acquired by Google. Some key points about Android include:
- It is based on the Linux kernel and allows developers to write code using Java.
- It powers over 1 billion devices worldwide and has gone through numerous version updates over the years.
- Android is used not just for phones and tablets but also for devices like TVs, watches, microwaves and more, allowing for a variety of form factors.
- It provides features like multitasking, notifications and access to the Google Play store for apps.
This document provides an overview of the iOS operating system, including its version history, key features, and the App Store. It discusses the 5 major releases of iOS and how each introduced new capabilities. Some striking features highlighted are Notifications, Gestures, Location Services, Maps, and Bluetooth Services. The document also mentions iCloud and Game Center as part of the iOS ecosystem. It poses some general questions about iOS and provides an example proof of concept for how location-based features could be implemented.
«Инфосистемы Джет» оценила годовые потери российского бизнеса от мошенничестваAndrey Apuhtin
«Инфосистемы Джет» оценила годовые потери российского бизнеса от мошенничества. в период с 2014 по 2015 г. для кредитно-финансовой отрасли в совокупности данный показатель увеличился на 26,8%, что в рублевом эквиваленте превышает 8,9 млрд руб.;
в телекоммуникационном секторе по итогам 2015 г. наблюдается более умеренный рост потерь от мошеннических действий – 6,8% (более 21,75 млрд руб.);
Covert communication in mobile applicationsAndrey Apuhtin
This document describes a study on covert communication in mobile applications. The study found that 63% of external communication made by top popular free Android apps had no effect on user-observable app functionality. The study also developed a static analysis technique to detect covert communication. The technique achieved 93% precision and 61% recall compared to a dynamic analysis ground truth. When applied to additional apps, the technique identified covert connections that could be disabled with little to no impact on user experience in most cases. The document concludes covert communication is common in mobile apps and the static technique is effective for identifying and disabling unnecessary connections.
This document discusses the evolution of attacks on medical devices in hospitals, termed MEDJACK.2. It analyzes data from three case studies of hospital networks compromised through medical devices. The attackers hid advanced tools within old malware variants that exploited vulnerabilities in older Windows systems still used by some medical devices. This allowed the malware to infiltrate networks undetected. Once inside, medical devices were easy targets that provided backdoors for exfiltrating data over long periods. The document concludes hospitals remain highly vulnerable and recommends best practices to improve medical device and network security.
This document summarizes the results of a whole product dynamic "real-world" protection test conducted from February to June 2016. It tested 18 antivirus and internet security products on 1868 malicious URLs. The top performing products like F-Secure and Trend Micro blocked all threats without any system compromises. Products like Bitdefender, Kaspersky Lab and Avira blocked over 99% of threats with only a few user-dependent results. The test aims to simulate real-world browsing conditions and how well products can protect against internet-based malware threats.
The security of seven popular fitness trackers and the Apple Watch was tested. Some trackers had issues with Bluetooth visibility, authentication, and data tampering. Pebble Time, Microsoft Band 2, and Basis Peak were among the most secure, while Striiv Fusion, Xiaomi MiBand, and Runtastic Moment Elite had the most security risks due to inconsistencies with authentication, tampering protection, and encrypted data transmission. The Apple Watch was also found to be highly secure, though some encrypted data could be accessed with additional steps.
This document presents a draft code of conduct for cloud infrastructure service providers regarding data protection. It aims to guide customers in assessing whether cloud infrastructure services are suitable for processing personal data in accordance with EU data protection law. The code outlines requirements for CISPs around lawful processing, security, data subject requests, and transparency. It also discusses the different roles and responsibilities of different types of cloud service providers like IaaS, PaaS, and SaaS.
WhatsApp plans to transfer user data including phone numbers and usage history to Facebook for targeted advertising and other purposes. This proposed change would violate WhatsApp's privacy policy which stated user data would not be used or disclosed for marketing. EPIC and CDD filed an FTC complaint arguing the transfer of previously collected user data without consent constitutes an unfair and deceptive trade practice that should be investigated and enjoined by the FTC.
The xDedic marketplace allows criminals to purchase access to over 70,000 hacked servers from around the world for as little as $6 each. Russian-speaking hackers operate the forum and provide tools to help buyers access and manage the compromised servers. An analysis found the stolen servers hosted point-of-sale software, email providers, and other sites and services that could enable financial crimes and cyberattacks.
The document analyzes the security design of a hypothetical wearable fitness tracker called WearFit. It describes WearFit's system architecture, which includes a wearable device, mobile application, and website. It then analyzes how WearFit's design addresses each of the top 10 software security flaws, such as using authentication and authorization, validating data, using cryptography correctly, and considering external components and future changes. The analysis provides examples of how the design mitigates threats like denial of service attacks, compromising the device, falsifying health data, and stealing user data.
This document discusses securing apps and securing communication. It covers topics like secure network communication using TLS and SSL pinning, secure interprocess communication using URL schemes and universal links, securely storing data using the keychain and data protection APIs, and techniques for preventing data leakage. It provides an overview of the OWASP mobile security risks and recommends designing secure organizations through guidelines, training, testing, and secure development processes. Resources for mobile security tools and further reading are also included. The overall message is that security is an ongoing process rather than a single feature, and that no app is completely secure against a skilled attacker.
This 4-day training course covers iOS application development and security. Day 1 introduces iOS, Objective-C, and setting up development environments. Day 2 covers native, web, and hybrid mobile app types and the app development process. Day 3 discusses debugging, app store publishing, and iOS technologies. Day 4 focuses on application security best practices including data security, keychain usage, and penetration testing tools and techniques.
Presentation on conducting mobile device forensics without the use of expensive commercial tools, instead utilising FOSS alternatives. Conducting manual analysis makes you a better forensic analyst as well as helps to discover more potential evidence. From acquisition, to analysis, to malware disassembly, this presentation will provide a primer on all facets of mobile forensics.
WireLurker is a malware that infects both Mac OS X and iOS devices through compromised apps downloaded from unofficial app stores like Maiyadi. It monitors connected iOS devices and installs predefined apps using enterprise certificates to bypass security checks. Over 350,000 devices are estimated to be infected after 467 apps were downloaded from the Maiyadi store containing WireLurker. Users first reported strange app installations and behavior in forums in June 2014.
The document provides an overview of iOS security architecture and testing techniques for iOS applications. It discusses iOS security features like hardware security, secure boot, code signing, sandboxing and encryption. It also covers the iOS application structure, permissions, and potential attack surfaces like URL schemes, web views, and network communication. Testing tools like ZAP and Charles Proxy are introduced for analyzing network traffic of iOS apps.
Outsmarting Hackers before your App gets Hacked - iOS Conf SG 2016Subho Halder
Mobile App Security is an issue which isn’t given much priority while your app is in the development stage, as a result of which hackers are able to target your iOS app.
This talk will feature the most common security mistake developers do, and how to fix them easily. It will also cover different security & privacy enhancements provided by Apple such as SecKey API, Differential Privacy, Cryptographic Libraries, et cetera in iOS 10 which will enable developers to ship secure applications in the Appstore
This document summarizes a vulnerability in iOS that allows a malicious app installed via enterprise/ad-hoc provisioning to replace a previously installed app from the App Store if they share the same bundle identifier. It describes how an attacker could exploit this by social engineering a user to install a malicious app, which would then overwrite a legitimate app and potentially access its data or impersonate its interface. The document also outlines how this vulnerability presents a greater risk than on Android and discusses techniques used in proof-of-concept attacks, including bypassing a new alert in iOS 8 through URL scheme hijacking. It concludes with recommendations to mitigate the risk, such as always updating iOS and being wary of installing outside the App Store.
This presentation is about-
a)Core Syntax
b)Structure
c)Playgrounds,Variables,Constants,Print,Convert.
d)IF,Switch,Loop
e)Functions
f)Complex Types
g)Arrays
h)Dictionary,Tuples,Optional,Enum,Closures.
For more details visit -
http://vibranttechnologies.co.in/ios-classes-in-mumbai.html
The trending strategy of developing a business mobile app is proving a successful one for over a decade. Diverse industries have been making the most of mobility solutions for various purposes, be it going digital and improving the platform experience or enhancing customer services by bringing the services and products to the users’ fingertips.
Anyone not having an in-house dev team will hire a top iPhone application development company to build an app for Apple devices, targeting Apple users. This is called a native iOS app development process. Similarly, there is native Android app development to target Android users, and then comes cross-platform app development which helps to build mobile apps used by both iOS and Android users collectively.
The trending strategy of developing a business mobile app is proving a successful one for over a decade. Diverse industries have been making the most of mobility solutions for various purposes, be it going digital and improving the platform experience or enhancing customer services by bringing the services and products to the users’ fingertips.
Anyone not having an in-house dev team will hire a top iPhone application development company to build an app for Apple devices, targeting Apple users. This is called a native iOS app development process. Similarly, there is native Android app development to target Android users, and then comes cross-platform app development which helps to build mobile apps used by both iOS and Android users collectively.
iOS Application Development Step by Step to develop an iOS App.pdfJPLoft Solutions
At one point, companies typically contracted out mobile app development because of the constraints of budgets and timeframes. But, with the help of helpful tools for development and the software applications that perform the bulk of the work, many small-scale businesses are creating mobile apps on their own.
When it comes to raw numbers, iOS seems to be more secure compared to Android. This can be partially correct because Apple including their App store completely controls iOS. For Android, the story is a little different. Anyone can download the whole operating system and find loopholes and hack into apps easily. However, Android has drastically improved their security performance in the recent years with the release of Android O. It has stringent security guidelines and offers better security control over the past Android OS.
The presentation discusses the operating systems Android and iOS. It defines each OS and discusses their vulnerabilities. Android is an open-source, Linux-based OS used widely on mobile devices. iOS is a proprietary OS developed by Apple for its mobile devices. The presentation outlines some vulnerabilities for each OS, such as Android's customizability increasing security risks and iOS's ability to bypass lock screens. It also discusses how each OS approaches security, with Android relying on third-party security apps and iOS having a closed system. Finally, it analyzes how agile each OS is, finding Android more agile for file transfers and multitasking while iOS is more agile for secure transfers between devices.
08 10-2013 gtu projects - develop final sem gtu project in i phoneTOPS Technologies
The document discusses configuring an Xcode project for iPhone app development. It explains how to set the app identity, bundle ID, deployment target, architectures, base SDK, launch images, and create a team provisioning profile. It recommends finalizing properties like the bundle ID before submitting to the app store and describes how certain metadata cannot be changed after release. The document also provides tips for choosing deployment targets and debugging with devices.
Cracking app isolation on Apple devices is an intricate challenge due to the robust security measures implemented by the company. Apple employs a variety of mechanisms to ensure the isolation and integrity of applications, primarily through its sandboxing approach. Sandboxing restricts each app's access to system resources and other apps, limiting the potential damage that a compromised app could inflict on the device.
Top Mobile Application Penetration Testing Tools for Android and iOS.pdfElanusTechnologies
Mobile application penetration testing is used to evaluate the security of native mobile apps developed for Android and iOS. It involves testing data security both at rest and in transit, as well as identifying vulnerabilities using automated tools and manual techniques. Penetration testing can locate flaws in code, systems, applications, databases, and APIs to harden apps and prevent hackers from exploiting vulnerabilities. The document provides a list of important mobile application penetration testing tools for Android and iOS.
The document provides information about the mobile operating systems iOS and Android. It discusses their origins, developers, key features and usage statistics. iOS was developed by Apple and was launched in 2007 with the original iPhone. Android is an open source operating system developed by Google and launched in 2008. It discusses the differences in their architectures, available devices, market share and recent updates. It provides statistics that show Android's lead in market share but iOS gaming app purchases being higher.
The document summarizes Apple's announcements at WWDC 2014 regarding updates to the iOS and OS X platforms. Key updates include iOS 8 with over 4000 new APIs, improvements to the App Store like app bundles and previews, a new TestFlight app for beta testing, iCloud Drive for file storage across devices, enhancements to Xcode 6 like Swift support and adaptable UIs, new APIs for HealthKit, HomeKit and Touch ID, and free developer resources like Swift books and WWDC session videos. CloudKit was also introduced as a way for apps to have basic server-side functionality without backend infrastructure.
The document summarizes technical details about ShadowPad, a modular cyber attack platform deployed through compromised software. It describes how ShadowPad operates in two stages, with an initial shellcode embedded in legitimate software that connects to command and control servers. The second stage acts as an orchestrator for five main modules, including for communication, DNS protocols, and loading additional plugins. Payloads are received from the C&C server as plugins and can perform data exfiltration.
The Center for Democracy & Technology filed a complaint with the Federal Trade Commission requesting an investigation into Hotspot Shield VPN's data sharing and security practices. The complaint alleges that Hotspot Shield makes strong claims about not tracking or logging user data, but its privacy policy describes more extensive logging. It is also alleged that Hotspot Shield uses third-party tracking libraries to facilitate targeted advertisements, contradicting its promises of privacy and security.
Nexusguard d do_s_threat_report_q1_2017_enAndrey Apuhtin
This document provides a summary of DDoS attack trends in Q1 2017 according to Nexusguard's analysis. Key findings include a 380% increase in attacks compared to the previous year, with unusually large attacks on holidays such as Chinese New Year and Valentine's Day. HTTP floods became the most common attack vector. The US was the top source of attacks globally, while China was the top source in the Asia-Pacific region. Larger and more complex multi-vector attacks targeting both volumetric and application layers became more common.
The document summarizes cybersecurity trends in the financial services sector in 2016. Some key points:
1) The financial services sector remained the most attacked industry in 2016, experiencing 65% more attacks on average than other sectors. Common attack methods included SQL injection and command injection exploits.
2) While total attacks increased in 2016, average security incidents decreased for financial services organizations monitored by IBM.
3) Insider threats, both malicious and inadvertent, posed a larger risk than outsider attacks for financial services organizations. The majority of insider attacks were caused by inadvertent or compromised systems rather than malicious insiders.
This document provides a summary of CLDAP reflection DDoS attacks observed by Akamai between October 2016 and January 2017. It details the attack methods, timelines, largest attacks observed, affected industries, source distributions by country and ASN, mitigation recommendations including filtering port 389, and conclusions regarding CLDAP reflection as an emerging DDoS vector.
This document provides a technical analysis of Pegasus spyware samples found on Android devices. Pegasus for Android (called Chrysaor) shares many capabilities with the iOS version, including exfiltrating data from apps, remote controlling devices via SMS, audio surveillance, screenshot capture, and disabling system updates. It uses known Android exploits to gain root access and SMS, HTTP, and MQTT for command and control. The spyware is designed to evade detection and delete itself if detected. Analysis of the samples revealed how the malware infects devices, communicates with its operators, and surreptitiously collects information from infected phones.
This document summarizes a study on zero-day vulnerabilities and exploits. The study obtained rare access to data on zero-day vulnerabilities and exploits to analyze metrics like life status, longevity, collision rates, and development costs. Some key findings include: 1) exploits have an average lifespan of 6.9 years after discovery before being patched, but 25% will last less than 1.5 years and 25% will last over 9.5 years, 2) after 1 year, approximately 5.7% of vulnerabilities in a stockpile will be discovered and disclosed by others, and 3) once an exploitable vulnerability is found, the median time to develop a working exploit is 22 days. The results provide insights to inform policy debates on
The APWG recorded more phishing in 2016 than in any previous year. In the 4th quarter of 2016, there were over 277,000 unique phishing sites detected, representing a 65% increase in total phishing attacks for 2016 compared to 2015. Phishing attacks have increased dramatically over the past 12 years, with an average of over 92,000 attacks per month in the 4th quarter of 2016 compared to just 1,600 attacks per month in the 4th quarter of 2004. Fraudsters in Brazil are increasingly using social media and mobile apps to defraud users in addition to traditional phishing techniques, though many of the hosting infrastructure for these attacks are located outside of Brazil, particularly in the United States and
This document contains a list of websites categorized into different areas of interest: finance, gambling, e-commerce, dating, and other. Over 50 websites are listed related to online payment processing, gambling sites, major retailers, social media, travel, and dating platforms. The list appears to have been compiled from someone's browser history.
The document lists processes and components of different point of sale (POS) software, including BrasilPOS, cch tax14, cch tax15, AccuPOS, Active-Charge, ADRM.EndPoint.Service, AFR38, Aireus, Aldelo, alohaedc, APRINT6, Aracs, aRPLUSPOS, ASTPOS, AxUpdatePortal, barnetPOS, bt, BTFULL, callerIdserver, CapptaGpPlus, CashBox, CashClub, CashFootprint, and Catapult.
Processes and components antivirus lists the executable files and processes associated with major antivirus software programs. It includes the process names for antivirus programs from companies like Avast, AVG, Avira, ClamWin Antivirus, ESET, F-Secure, GData, GFI Antivirus, Kaspersky, MalwareBytes Antivirus, McAfee, Microsoft, Panda, Sophos, Symantec, Trend Micro, and WebRoot Antivirus. The list provides information on the core processes used by antivirus software to scan for malware, monitor systems for infections, and provide protection.
The document analyzes the prevalence and security impact of HTTPS interception by middleboxes and antivirus software. The researchers developed techniques to detect interception based on differences between the TLS handshake and HTTP user agent. Applying these techniques to billions of connections, they found interception rates over an order of magnitude higher than previous estimates, and that the majority (97-62%) of intercepted connections had reduced security, with 10-40% vulnerable to decryption. Testing of interception products found most reduced security and many introduced severe vulnerabilities. The findings indicate widespread interception negatively impacts security.
This bill directs the Administrator of the National Highway Traffic Safety Administration to conduct a study to determine appropriate cybersecurity standards for motor vehicles. The study would identify necessary isolation, detection, and prevention measures to protect critical software systems. It would also identify best practices for securing driving data. The Administrator would submit a preliminary report within 1 year and a final report within 6 months, including recommendations for adoption of standards and any necessary legislation.
A former employee of the Federal Reserve Board installed unauthorized software on a Board server to earn bitcoins through the server's computing power. The employee modified security safeguards to remotely access the server from home. When confronted, the employee initially denied wrongdoing but later remotely deleted the software to conceal actions. Forensic analysis confirmed the employee's involvement, resulting in termination and a guilty plea to unlawful conversion of government property. The employee was sentenced to 12 months probation and a $5,000 fine.
Microsoft released patches for over 100 vulnerabilities in Windows, Internet Explorer, and Edge in 2016. While the number of vulnerabilities exploited in Internet Explorer before patching declined, no vulnerabilities in the newer Edge browser were exploited. Windows 10 introduced new security features like Attack Surface Reduction that remove vulnerable components. Over 60 vulnerabilities were also patched in various Windows user-mode components, with remote code execution being the most common type.
Muddy Waters Capital is short St. Jude Medical due to serious cybersecurity vulnerabilities identified in STJ's implantable cardiac devices. Researchers were able to replicate attacks that could cause devices to malfunction dangerously or drain batteries. The vulnerabilities stem from a lack of security protections in STJ's device ecosystem, including hundreds of thousands of home monitoring units distributed without adequate safeguards. A cardiologist is advising patients to unplug monitors and delaying implants until issues are addressed, which could take STJ at least two years to remediate through a recall and system rework. The cybersecurity risks may result in litigation if exploits endanger patients.
UI5con 2024 - Bring Your Own Design SystemPeter Muessig
How do you combine the OpenUI5/SAPUI5 programming model with a design system that makes its controls available as Web Components? Since OpenUI5/SAPUI5 1.120, the framework supports the integration of any Web Components. This makes it possible, for example, to natively embed own Web Components of your design system which are created with Stencil. The integration embeds the Web Components in a way that they can be used naturally in XMLViews, like with standard UI5 controls, and can be bound with data binding. Learn how you can also make use of the Web Components base class in OpenUI5/SAPUI5 to also integrate your Web Components and get inspired by the solution to generate a custom UI5 library providing the Web Components control wrappers for the native ones.
Malibou Pitch Deck For Its €3M Seed Roundsjcobrien
French start-up Malibou raised a €3 million Seed Round to develop its payroll and human resources
management platform for VSEs and SMEs. The financing round was led by investors Breega, Y Combinator, and FCVC.
Unveiling the Advantages of Agile Software Development.pdfbrainerhub1
Learn about Agile Software Development's advantages. Simplify your workflow to spur quicker innovation. Jump right in! We have also discussed the advantages.
Using Query Store in Azure PostgreSQL to Understand Query PerformanceGrant Fritchey
Microsoft has added an excellent new extension in PostgreSQL on their Azure Platform. This session, presented at Posette 2024, covers what Query Store is and the types of information you can get out of it.
E-Invoicing Implementation: A Step-by-Step Guide for Saudi Arabian CompaniesQuickdice ERP
Explore the seamless transition to e-invoicing with this comprehensive guide tailored for Saudi Arabian businesses. Navigate the process effortlessly with step-by-step instructions designed to streamline implementation and enhance efficiency.
Top Benefits of Using Salesforce Healthcare CRM for Patient Management.pdfVALiNTRY360
Salesforce Healthcare CRM, implemented by VALiNTRY360, revolutionizes patient management by enhancing patient engagement, streamlining administrative processes, and improving care coordination. Its advanced analytics, robust security, and seamless integration with telehealth services ensure that healthcare providers can deliver personalized, efficient, and secure patient care. By automating routine tasks and providing actionable insights, Salesforce Healthcare CRM enables healthcare providers to focus on delivering high-quality care, leading to better patient outcomes and higher satisfaction. VALiNTRY360's expertise ensures a tailored solution that meets the unique needs of any healthcare practice, from small clinics to large hospital systems.
For more info visit us https://valintry360.com/solutions/health-life-sciences
8 Best Automated Android App Testing Tool and Framework in 2024.pdfkalichargn70th171
Regarding mobile operating systems, two major players dominate our thoughts: Android and iPhone. With Android leading the market, software development companies are focused on delivering apps compatible with this OS. Ensuring an app's functionality across various Android devices, OS versions, and hardware specifications is critical, making Android app testing essential.
Microservice Teams - How the cloud changes the way we workSven Peters
A lot of technical challenges and complexity come with building a cloud-native and distributed architecture. The way we develop backend software has fundamentally changed in the last ten years. Managing a microservices architecture demands a lot of us to ensure observability and operational resiliency. But did you also change the way you run your development teams?
Sven will talk about Atlassian’s journey from a monolith to a multi-tenanted architecture and how it affected the way the engineering teams work. You will learn how we shifted to service ownership, moved to more autonomous teams (and its challenges), and established platform and enablement teams.
UI5con 2024 - Boost Your Development Experience with UI5 Tooling ExtensionsPeter Muessig
The UI5 tooling is the development and build tooling of UI5. It is built in a modular and extensible way so that it can be easily extended by your needs. This session will showcase various tooling extensions which can boost your development experience by far so that you can really work offline, transpile your code in your project to use even newer versions of EcmaScript (than 2022 which is supported right now by the UI5 tooling), consume any npm package of your choice in your project, using different kind of proxies, and even stitching UI5 projects during development together to mimic your target environment.
UI5con 2024 - Boost Your Development Experience with UI5 Tooling Extensions
Apple threat-landscape
1. SECURITY RESPONSE
A rising number of threat actors have begun developing
malware designed to infect devices running Mac OS X or iOS.
The Apple threat landscape
Dick O’Brien
Version 1.0 – December 8, 2015
2. CONTENTS
OVERVIEW...................................................................... 3
Apple ecosystem security.............................................. 5
Mac OS X malware....................................................... 10
iOS malware................................................................. 16
Attack vectors.............................................................. 18
Mac OS X vulnerabilities.............................................. 20
iOS vulnerabilities........................................................ 24
Apple ID security.......................................................... 25
Conclusion.................................................................... 27
Protection..................................................................... 27
Appendix ..................................................................... 29
3. Apple devices have experienced a surge in popularity in recent years. According to IDC, the
company now accounts for 13.5 percent of global smartphone shipments and 7.5 percent
of global PC shipments. This increase in usage has not gone unnoticed by attackers. A rising
number of threat actors have begun developing malware designed to infect devices running
Mac OS X or iOS.
Although the number of threats targeting Apple operating systems remains quite low when
compared to the company’s main competitors (Windows in the desktop space and Android
in mobile), the amount uncovered has grown steadily in recent years. In tandem with this,
the level of Apple-related malware infections has spiked, particularly in the past 18 months.
Security researchers have also given a greater focus on vulnerabilities in Apple software,
with a number of high-profile flaws uncovered in the past year. Zero-day brokers have
begun offering bounties for Apple vulnerabilities, with US$1 million paid recently for a
jailbreak of iOS 9.1.
Should Apple continue to grow in popularity, it seems likely that these trends will continue.
Consequently, Apple users should not be complacent about security. They need to take
precautions in order to prevent their devices from being compromised.
OVERVIEW
4. Greater security
is, in part, one of
the motivations
behind the design
of this software
ecosystem.
APPLE ECOSYSTEM SECURITY
5. Page 5
The Apple threat landscape
Apple ecosystem security
Apple maintains a stronger degree of control over the software that users may install on their devices when
compared to other platforms. Greater security is, in part, one of the motivations behind the design of this
software ecosystem. The company has progressively moved towards a model where hardware and operating
system are closely tied, and end users by and large acquire software from the official App Store.
Although the underpinnings of both of Apple’s operating systems (iOS and Mac OS X) are based on very similar
kernel and user-space frameworks, iOS features are increasingly arriving on Mac OS X as well. As these two
operating systems converge, there is an increased probability that attacks targeting one Apple OS could affect
the other.
The “walled garden”
Apple Mac computers are shipped with Mac OS X preinstalled, and the hardware and operating system are
marketed as a single package. Since 2006, the Boot Camp feature of Mac OS X permits users to create a dual-
boot system on which they can also run Windows. While other operating systems can be installed, Windows
is the only alternative supported by Boot Camp. Conversely, Mac OS X cannot be installed on third-party
computers.
Similarly, Apple’s mobile operating system–iOS–is only distributed on Apple devices. The platform’s main rival is
Google Android, which is open source and may be used by any device developer.
Beyond the operating system, Apple has steadily increased the control it exerts over what software may be
installed on its devices. This “walled garden” approach began with the introduction of iOS in the first iPhone.
Initially, iOS did not permit the installation of third-party apps. However, in 2008, Apple released an iOS
Software Development Kit (SDK) for third-party developers. Version 2.0 of the operating system introduced the
ability to install third-party apps.
The App Store
Apple retained oversight over which third-party apps the user could install by creating its own distribution
platform: the App Store. iOS users can only install apps distributed through this channel or a small number of
authorized private sources (as detailed in the “Alternative iOS distribution platforms” section of this report). In
order for an app to be listed on the App Store, it must first be approved by Apple.
Users can bypass this restriction by “jailbreaking” their iOS device, which essentially involves taking advantage
of privilege escalation vulnerabilities to gain root access and then replacing parts of the system applications.
Although jailbreaking permits the user to install a greater range of software, it is a security risk as the user
could inadvertently install malware that is packaged with or disguised as legitimate software. We have seen that
pirated games distributed through unofficial markets for jailbroken iPhones often contain malware.
Security breaches
One of the most serious security breaches that affected the App Store occurred in September 2015, when it
was discovered that a large number of Trojanized iOS apps were being hosted on the service. The apps were
developed using a malicious version of Xcode, Apple’s software developer environment for iOS and Mac OS X
apps.
While the company makes Xcode freely available, developers in China experienced difficulties downloading it
directly from Apple. As a result, some of the developers resorted to downloading unofficial copies hosted on local
sites. Unbeknownst to the developers using it, attackers modified one such Xcode package to insert malicious
code in any app that was created using the affected copy.
Dubbed XcodeGhost (detected by Symantec as OSX.Codgost on Mac OS X computers and IOS.Codgost on iOS
devices), this tainted copy of Xcode configured apps to collect information on devices and upload that data to
command-and-control (C&C) servers. In addition to this, the Trojanized apps are capable of receiving commands
from C&C servers in order to carry out phishing attacks. A large number of apps created using XcodeGhost
6. Page 6
The Apple threat landscape
managed to bypass Apple’s own security checks and were hosted on the official App Store, demonstrating
that the screening process does not a guarantee a malware-free App Store. In November, a new variant of
XcodeGhost was discovered in unofficial versions of Xcode 7, which enables developers to create applications for
iOS 9, Apple’s latest version of iOS.
In a bid to avoid further incidents, Apple said that it will offer locally hosted downloads of Xcode to Chinese
developers in the future.
In October 2015, 256 iOS apps were removed from the App Store after an advertising SDK that they used was
responsible for sending back personal and device information without users’ knowledge or consent. The SDK,
known as Youmi, collected the following information:
• A list of all applications installed on the iOS device
• The platform serial number of iPhones and iPads running older versions of iOS
• A list of hardware components and the serial numbers for devices running new versions of iOS
• The Apple ID email address associated with the iOS device
There is no indication that any app developer who used the Youmi SDK in their products was aware of the kit’s
malicious behavior. Apple said that it would no longer accept apps developed using the Youmi SDK.
Alternative iOS distribution platforms
Aside from the App Store, there are a few alternative Apple-sanctioned sources for apps. The Apple Developer
Enterprise program allows organizations to distribute proprietary iOS apps to internal employees. Distribution
can be handled by either hosting the app on a server belonging to the organization or using a third-party mobile
device management (MDM) tool.
Another alternative platform is the Volume Purchase Program for Business. This allows developers to restrict
the distribution of apps to authorized buyers. Apps are privately distributed to identified customers through the
Business version of the App Store.
Attacks leveraging alternative platforms
These alternative platforms have, on occasion, been leveraged by attackers to distribute malware to iOS
devices. For example, the YiSpecter Trojan (detected by Symantec as iOS.Specter) used the Developer Enterprise
framework to create malicious apps which could be installed on Apple devices. The malware was packaged and
signed with legitimate enterprise certificates, allowing it to be installed directly onto a device without being
listed on the App Store.
How the attackers acquired the enterprise certificates remains unknown. They may have registered themselves
as developers, paying the required fee and passing the vetting process. Alternatively, they could have partnered
with a registered developer or stolen the certificates from legitimate developers.
Malicious apps that have obtained legitimate enterprise certificates can be promoted in forums. They could also
be linked to in social-engineering text messages or emails that are sent to potential victims. Even when using
enterprise certificates to sign malware, attackers still have several hurdles to jump before they can successfully
install malware on an iOS device. In older versions of iOS, the first time an end user installs an enterprise-signed
app, they receive a prompt asking them if they trust the app.
Following the release of iOS 9 in 2015, this security measure has been strengthened. When the end user opens
an app they’ve manually installed, they receive a notification that the developer of the app isn’t trusted on their
device. While the user can dismiss this message, they can’t open the app until they have confirmed that they
trust the developer in the Settings app.
Mac App Store
The relative success of the iOS App Store has prompted Apple to move in the same direction with regard to Mac
OS X applications with the launch of the Mac App Store in 2011. Apple vets all apps submitted to the Mac App
Store and provides a range of guidelines that developers must follow. Unlike its iOS equivalent, the Mac App
7. Page 7
The Apple threat landscape
Store is not an exclusive distribution platform, as third-party apps from other sources can be installed on Mac
OS X computers. However, Apple has progressively tightened security around third-party Mac OS X applications
and has indicated that it will continue to do so in the future.
Gatekeeper
While the walled garden
approach is most developed
in the iOS marketplace, Apple
has steadily increased the
level of security around what
can be installed on computers
running Mac OS X. Introduced
in September 2012 as an
update to OS X 10.7 “Lion”,
Gatekeeper is a feature
that allows Mac OS X users
to automatically block the
opening of applications from
untrusted sources.
Gatekeeper provides the user
with three options. The first
will only permit apps that have
been downloaded from the Mac
App Store to be opened. The
second option, which has been
the default since OS X 10.8
“Mountain Lion”, only permits
the opening of apps that have
either been downloaded from
the Mac App Store or from
developers who have received
a unique Developer ID from
Apple and use it to digitally
sign their apps.
The third option permits
the user to run applications
regardless of their origin.
This effectively means that
Gatekeeper has been turned
off. Even when this setting has
been selected, Gatekeeper will
still block apps that have been
signed with a Developer ID but
have been altered or tampered
with after they were signed.
Gatekeeper does allow a
user to override its settings by right clicking on the app and opening it from the context menu. The user will be
presented with a warning prompt, giving the choice of opening the app or cancelling the action.
While Gatekeeper provides the user with considerable scope for bypassing its security features, administrators
can lock down computers to prevent this from happening. For example, changing Gatekeeper options requires
Figure 1. Gatekeeper can help to prevent potentially malicious apps
from running on Mac OS X
8. Page 8
The Apple threat landscape
an administrator password. Opting to override Gatekeeper on a case-by-case basis also requires administrative
privileges.
It should be noted that Gatekeeper only monitors applications downloaded from the internet. Apps installed
form other sources such as USB drives will not be prevented from running.
Weaknesses in Gatekeeper
Weaknesses have been discovered in Gatekeeper from time to time. For example, in September 2015,
a vulnerability was found which could allow an attacker to secretly install malicious software on an affected
computer by bundling the threat with a legitimate application.
The vulnerability was uncovered by security researcher Patrick Wardle, who found that Gatekeeper could be
bypassed by including an unsigned malicious file in the same directory of a legitimate signed app.
According to Wardle, Gatekeeper only carried out checks on the parent file, which was the signed app. If the
application was executed, the malicious file would also run unchecked. Wardle said that the vulnerability affects
the current version−OS X El Capitan−and its predecessor, OS X Yosemite (10.10).
At the time of writing Apple is reported to be working on a short-term mitigation measure as a stop gap until a
full patch is released.
File Quarantine
Introduced in OS X 10.5 Leopard, File Quarantine is a security measure that quarantines files that applications
have downloaded from the internet. Quarantine-aware applications such as Safari, Messages, iChat, and Mail
will generate a warning to the user, asking if they are sure they want to open the file.
From OS X 10.6 Snow Leopard onwards, a File Quarantine feature known as XProtect also checks downloaded
files for known malware before the user opens them.
System Integrity Protection
The release of OS X 10.11 El Capitan in September 2015 saw the introduction of further security tightening in
the form of System Integrity Protection. This bundled a number of measures designed to restrict the access
of poorly designed or malicious software to system locations and processes. One of the biggest changes that
System Integrity Protection introduced was the removal of unlimited access to all parts of the system given to
root accounts, a legacy of Mac OS X’s origins as Unix-based operating system.
Among the changes included in System Integrity Protection are:
• File system protections: System locations can no longer be written to, even by root accounts. Instead, system
files can only be modified by processes signed with Apple’s own code-signing identity. Processes belonging to
apps now have to write to locations designated for third-party developers.
• Runtime protections: Third-party applications can no longer attach themselves to system processes. Now,
system binaries can only be modified either by an Apple Installer or Software Update from Apple-provided
packages. Runtime attachment or code injection by third-party apps is no longer possible.
• Kernel extensions: Kernel extensions (aka kext) must now be signed with a valid Apple Developer certificate.
System Integrity Protection can be disabled. However, doing so requires the user to boot to the Mac OS X
recovery partition and run a command there.
9. Along with malicious
software, the
number of new
adware risks and
potentially unwanted
or misleading
applications for Mac
OS X has increased
steadily in recent
years.
MAC OS X MALWARE
10. Page 10
The Apple threat landscape
Mac OS X malware
Contrary to some beliefs, the Mac OS X environment is not free from malware. Cybercriminals have become
aware of the increasing popularity of Apple Mac computers in recent years.
Symantec telemetry has shown a significant upsurge in threat and risk detections on Mac OS X computers since
midway through 2014. There are several factors influencing this rise.
Along with malicious software, the number of new adware risks and potentially unwanted or misleading
applications for Mac OS X has increased steadily in recent years. A number of these new security risks have been
distributed widely. For example, protection for the misleading application SearchProtect (detected by Symantec
as OSX.SearchProtect) was created on June 30 2014 and has since become the Mac OS X risk most frequently
detected by Symantec.
Similarly, Symantec detection for another potentially unwanted application known as Genieo was created on July
10 2014 and it has since gone on to record a high number of installations. Other prolific threats included OSX.
Sudoprint (created August 4 2015) and OSX.WireLurker (created November 6 2014).
The overall trend is similar to what has been observed by other vendors. For example, a recent study by Bit9 +
Carbon Black found that the number of Mac OS X malware samples it detected in 2015 was five times greater
than in the previous five years combined.
Adware, and unwanted and misleading applications
While the number of infections on Mac OS X computers has increased dramatically over the past year, a
significant amount of this spike has been accounted for by nuisance applications, such as adware, and
potentially unwanted or misleading applications.
Figure 2. Malware infections and security risk detections on unique computers running Mac OS X
from January 2014
11. Page 11
The Apple threat landscape
Although these
programs have a
high prevalence,
they present a lower
degree of risk to the
end user compared
to Trojans or other
categories of malware,
since their purpose
is usually to perform
less harmful activities
such as modifying the
default search engine
on web browsers or
displaying ads.
While adware, and
unwanted and
misleading application
infections accounted
for much of the surge
in infections between
June 2014 and March
2015, recent months
have seen a significant
uptick in infections
involving other forms
of malware.
New threats
Although still small in terms
of overall malware numbers,
the number of new Mac OS X
threats discovered annually
is trending upwards.
The increase in threats
targeting Mac users may,
in part, be driven by the
growing popularity of Apple
platforms. For example,
Mac OS X’s market share
now stands at 8 percent,
almost double what it was
seven years ago. Continuing
growth for Apple will mean
that a greater proportion of
attackers will stop regarding
the company’s desktop OS
as a niche market and begin
targeting it more often.
A growing number of
cybercriminals, corporate
espionage groups and state-sponsored intelligence operations have begun targeting Apple users with malware
designed to run on Mac OS X. As far back as 2011, specialist Mac OS X malware creation toolkits were beginning
to be developed, such as the Weyland-Yutani BOT toolkit, believed to be the first to target the platform.
Figure 3. Proportion of adware, and unwanted and misleading application detection
s compared with malware detections
Figure 4. Number of new Mac OS X threats documented by Symantec by year
12. Page 12
The Apple threat landscape
Ransomware has presented a significant threat in recent years but attackers have, to date, largely focused on
Windows users. Macs have on occasion been targeted with ransomware in the form of browser-based threats.
There have been instances of malicious websites targeting Safari for Mac users, with JavaScript causing the
browser to display persistent pop-ups informing the user that the FBI had “locked” Safari as it was used to view
illegal content.
In November 2015, a proof-of-concept (PoC) threat known as Mabouia (detected by Symantec as OSX.
Ransomcrypt) was developed by Brazilian cybersecurity researcher Rafael Salema Marques to highlight the fact
that Macs may not be immune to the threat of ransomware.
Marques shared a sample of the ransomware with Symantec and Apple. Symantec’s analysis has confirmed that
the PoC is functional. While the threat could be used to create working Mac OS X crypto ransomware if it fell into
the wrong hands, Marques said he has no intention of publicly releasing the malware, though his experiment
may ultimately inspire others.
Figure 5. While malcode threats are less prevalent, their infections can be more damaging.
13. Page 13
The Apple threat landscape
Butterfly: Corporate espionage attacks
A growing number of high-level attack groups have begun to broaden their capabilities by developing or
acquiring malware designed to run on Apple platforms. For example, Butterfly, a corporate espionage group
uncovered by Symantec in 2015, has a suite of custom malware tools capable of attacking both Windows and
Apple computers
The group has used different pieces of malware, all of which appear to be internally developed. Its primary tools
are two back door Trojans. OSX.Pintsized is capable of opening a back door on Mac OS X computers. Its Windows
counterpart is Backdoor.Jiripbot.
OSX.Pintsized is a modified version of OpenSSH that runs on Mac OS X, and contains additional code to read two
new arguments and an embedded RSA key. The two additional arguments are “-z” and “-p”, which are used to
pass a C&C server address and port respectively. The back door has also been observed using a very basic Perl
script that opens a reverse shell.
The group is not affiliated to any nation state and appears to be financially motivated. It has attacked major
corporations operating in the internet, IT software, pharmaceutical, and commodities sectors. Twitter, Facebook,
Apple, and Microsoft are among the companies which have publicly acknowledged that they were targeted by the
group. The campaign against Apple involved the compromise of a number of employees’ Mac OS X computers.
Apple said that the exploit was delivered through a “site aimed at iPhone developers.”
WireLurker
One of the most significant recent threats targeting Apple users was WireLurker (detected by Symantec as OSX.
Wirelurker).
Discovered in November 2014, the malware was used to Trojanize several hundred Mac OS X applications on the
Maiyadi App Store, a third-party Mac app store in China. These Trojanized applications could then infect any iOS
device that connects to the computer through a USB cable. The iOS device does not need to be jailbroken to be
infected.
Once installed on an iOS device, WireLurker is capable of stealing information, such as contacts and messages,
and uploading the data to a C&C server.
It is believed that some 467 Mac OS X applications on the Maiyadi App Store were compromised with WireLurker
and these applications were downloaded more than 300,000 times. Since its discovery, Symantec has blocked
over 2,000 WireLurker instances. A similar tactic was also used by the Hacking Team in order to infect its
targets.
SearchProtect
SearchProtect (detected by Symantec as OSX.SearchProtect and OSX.Searchprotect!gen1) is the Mac OS X
risk most frequently detected by Symantec over the past three years. SearchProtect is classed as a misleading
application, since it carries out actions that the user may not have requested. In this case the app modified web
browsers’ default search engine.
This misleading app must be manually installed by the end user and is usually bundled with third-party installers
or download managers.
14. Page 14
The Apple threat landscape
Sudoprint
Sudoprint (detected by Symantec as OSX.Sudoprint) is a Trojan horse that exploits the Apple Mac OS X DYLD_
PRINT_TO_FILE Local Privilege Escalation Vulnerability (CVE-2015-3760) and may perform malicious activities
on the compromised computer.
The DYLD_PRINT_TO_FILE vulnerability was disclosed in July 2014 by German security researcher Stefan Esser.
The vulnerability occurred in the Mac OS X dynamic linker, DYLD. New features in DYLD were introduced in OS
X 10.10, one of which was DYLD_PRINT_TO_FILE. This feature did not contain the usual safeguards for dynamic
linker variables and, as a result, it afforded an easy means for the escalation of privileges.
The vulnerability attracted the attention of attackers, leading to the discovery of the Sudoprint Trojan in early
August. The malware exploited the vulnerability to ensure that the attacker was not asked for a password for
privileged operations on the targeted computer, enabling them to perform malicious activities without detection.
This example highlights the fact that not all threats targeting Mac OS X rely on manually installing the malware
or tricking the user into revealing their password.
Apple patched the vulnerability with the release OS X 10.10.5 on August 13, 2015. This update appears to have
quelled activity around the Sudoprint malware, with no infections logged by Symantec since September 2015.
Genieo
Genieo (detected by Symantec as Genieo and OSX.Genieo!gen1) is classed as a potentially unwanted
application, since it may be bundled with other app installers, and carries out actions that the user may not have
requested. In this case the application installs a browser extension that changes the browser’s default search
engine. Genieo makes a user’s search query appear to be carried out using Google Search but the results will be
from genieo.com.
Symantec and Norton products have blocked the application since July 2014. Genieo behaves similarly to the
aforementioned SearchProtect and has also accounted for a significant number of Mac OS X infections.
RSPlug
RSPlug (detected by Symantec as OSX.RSPlug.A) is one of the most widely detected Mac OS X Trojans. The
malware alters the domain name system (DNS) settings on a compromised computer which can be used to
redirect the user to a malicious DNS server.
Legitimate DNS servers will translate internet address names to the IP addresses associated with them. A
malicious DNS server can reroute traffic to destinations of the attackers’ choosing, such as fake websites
designed to steal credentials or websites capable of installing malware on the victim’s computer.
RSPlug is one of the earlier examples of how attackers create Mac OS X variants of Windows threats. In this
instance, RSPlug is a variant of the Windows Flush Trojan (detected by Symantec as Trojan.Flush.A). Flush was
circulating for several years before its Mac OS X variant appeared.
15. The number
of iOS threats
discovered to date
remains quite
small, although
it is beginning to
increase...
IOS MALWARE
16. Page 16
The Apple threat landscape
iOS malware
The number of iOS
threats discovered
to date remains
quite small, although
it is beginning
to increase, with
seven new threats
discovered in 2015
so far. This is up
from the previous
high of three in
2014.
Attackers targeting
the mobile operating
system need to
find a way to install
malware on a device,
which can represent
a significant hurdle.
Many threats are
installed when the target connects their device to a compromised desktop computer. Jailbroken devices present
more opportunities for attacks, as many threats are designed to take advantage of jailbroken phones.
Figure 6. Number of new iOS threats that Symantec documented by year
Figure 7. Jailbroken devices present more opportunities for compromise and are at greater risk of attack.
17. Page 17
The Apple threat landscape
KeyRaider
• Affects Jailbroken: Yes
• Affects Non-Jailbroken: No
One of the most potent iOS threats to emerge during 2015 was KeyRaider (detected by Symantec as IOS.
Keyraider), a Trojan that was used to steal an estimated 225,000 Apple IDs and passwords.
The malware highlights the risk posed by jailbreaking an iOS device, as the threat was designed to target
jailbroken devices. KeyRaider is distributed inside repackaged apps (i.e. free copies of commercial games and
apps) on app marketplaces for jailbroken phones. Once running on an infected device, the Trojan intercepts
iTunes traffic and steals the user’s login credentials, device GUID, Apple push notification service certificates
and private keys, and iTunes purchase receipts. This information is then sent to a remote server.
Xagent
• Affects Jailbroken: Yes
• Affects Non-Jailbroken: No
Advanced persistent threat (APT) groups have begun to broaden their scope and have shown an interest in Apple
platforms in recent years. An example of this is an attack group called Operation Pawn Storm (also known as
APT28, Sednit, Fancy Bear, or Tsar Team). The group is believed to have ready access to zero-day vulnerabilities
and may be responsible for an iOS threat called Xagent (detected by Symantec as IOS.Xagent).
Xagent is a Trojan that opens a back door and steals information from the compromised device. It has a broad
range of capabilities. An attacker can command it to record audio, take screenshots, upload and download
files, and list files and running processes on the device. It can also harvest information such as SMS messages,
contacts, photos, geolocation data, a list of installed applications, and network status. It can then send the
gathered data to a remote location.
The Trojan is used in a highly targeted manner and is believed to be installed on iOS devices through
compromised desktop computers. The device may be infected when plugged into an infected computer. The
exact method used to install Xagent is unknown, but it is only capable of infecting jailbroken devices.
Oneclickfraud
• Affects Jailbroken: Yes
• Affects Non-Jailbroken: Yes
The Oneclickfraud Trojan (detected by Symantec as IOS.Oneclickfraud) is another example of how threat actors
have begun to target multiple platforms by developing variants of malware for several operating systems.
Oneclickfraud was discovered by Symantec in May 2015 and targets iOS devices, attempting to trick users into
paying for a subscription service.
The malware is distributed through malicious adult video websites. Victims may be directed to one of these sites
either by clicking on a link in a spam email or stumbling across it while conducting an internet search. If the
visitor clicks on a “play” button next to a video, they are presented with a pop-up window asking them to install
an app. If they do this, their device becomes infected with the Oneclickfraud Trojan.
The malware is capable of infecting jailbroken and non-jailbroken devices. Symantec believes that the attackers
abuse the Apple Developer Enterprise Program to enable their app to be installed on the device. During
installation, the device notifies the user that the app comes from an untrusted developer and asks them if they
wish to trust the app. The app can only run if marked trusted.
When launched, the app displays a membership page for an adult video site. The app then claims that the user
has signed up for a subscription to the site and must now pay for this.
The iOS variant of this malware behaves in exactly the same was as its Android equivalent (detected by
Symantec as Android.Oneclickfraud), which first appeared three years previously.
18. Page 18
The Apple threat landscape
Passrobber
• Affects Jailbroken: Yes
• Affects Non-Jailbroken: No
Another example of the risk posed by jailbreaking iOS devices is Passrobber (detected by Symantec as IOS.
Passrobber), an information-stealing Trojan horse that was discovered in 2014.
The malware runs on jailbroken iOS devices that have installed Cydia Substrate (formerly known as Mobile
Substrate), an app that enables customization and modification of software on jailbroken devices.
The Passrobber Trojan is capable of intercepting outgoing SSL communications. It checks for Apple IDs and
passwords, and can send these stolen credentials to a C&C sever.
Attack vectors
Apple devices can be infected with malware through a range of different vectors. However, since Apple desktop
and mobile operating systems have a minority market share, the risk of attack is not as high as is it with more
common operating systems such as Windows or Android.
Spam email campaigns are one of the most common attack vectors. However, generally speaking, attackers
behind these campaigns aim to maximize infection numbers and consequently focus on distributing Windows-
based malware.
Apple malware is less likely to be indiscriminately spread in this fashion and instead may be distributed through
emails in limited, targeted attacks against an individual or organization.
Exploit kits
Exploit kits are another attack vector used for wide-ranging campaigns. None of the major exploit kits currently
in use (such as Angler, Rig, Nuclear, or Magnitude) are known to include exploits specifically targeting Apple
operating systems.
However, the major kits do exploit vulnerabilities in a number of cross-platform software packages such as Flash
or Java. In theory, this means that Mac OS X users are vulnerable to exploit kits too. However, there doesn’t
appear to be any current major exploit kit campaigns serving Mac OS X malware as a payload. By and large,
attackers again appear to be focused on maximizing infection numbers by serving Windows-based malware.
Nevertheless there some examples of smaller-scale exploit kit attacks targeting Mac OS X users. For example,
in 2012 F-Secure discovered an exploit kit hosted on a compromised Columbian transport website that checked
if the visitor was running Windows, Mac OS X, or Linux. If the kit successfully exploited a vulnerability on any of
these platforms, then it dropped a different payload tailored for each operating system.
19. In most years,
the number of
new Mac OS X
vulnerabilities has
been lower than the
number of Windows
vulnerabilities
found.
MAC OS X VULNERABILITIES
20. Page 20
The Apple threat landscape
Mac OS X vulnerabilities
The amount of new Mac OS X vulnerabilities emerging has remained relatively steady in recent years, at a rate of
between 39 and 70 per year. In most years, the number of new Mac OS X vulnerabilities has been lower than the
number of Windows vulnerabilities found. The greater numbers of Windows vulnerabilities may be reflective of
the larger market share that the Microsoft operating system enjoys, prompting a greater level of scrutiny from
attackers and security researchers.
A number of new Mac OS X vulnerabilities have drawn considerable public attention in 2015, mainly because of
the threat that a successful exploit could pose to users.
Multiple cross-app resource access (XARA) vulnerabilities
Four separate vulnerabilities in Apple products were disclosed in June 2015 by a team of researchers based in
the University of Indiana. The researchers discovered that the flaws allowed a malicious app to bypass security
controls and steal sensitive data from other apps.
Apps installed through Apple’s Mac App Store and iOS App Store are normally confined to a sandbox. These
apps are granted limited privileges and if they need to access any additional resources outside of their own
container, then they need to get the user’s permission first. However, the following four vulnerabilities allowed
unauthorized access to be granted, which the research team referred to as cross-app resource access (XARA)
attacks.
• Password stealing vulnerability: Apple operating systems have a secure password storage feature known as
Keychain which lets the user save and retrieve passwords for various apps and online services. One of the four
vulnerabilities allowed a malicious app to create a preemptive keychain entry for another app. If the targeted
Figure 8. Mac OS X and Windows vulnerabilities discovered by year
21. Page 21
The Apple threat landscape
app was not present on the computer and the user subsequently installs the app, its credentials were stored
on the keychain entry created by the malicious app. If the targeted app was already installed, a malicious app
could have deleted its existing keychain entry and created a new one, which the user would have re-entered
their credentials to the next time they accessed the targeted app.
• Container cracking: A second vulnerability allowed a malicious app to gain access to the secure container
belonging to another app and steal data from it. Each app container is given a unique identity known as a
Bundle ID (BID).The Mac App Store doesn’t allow submitted apps to use a BID that’s already been used by
another app. However, a problem occurred with sub-targets, which are apps that work embedded in another
app such as extensions, frameworks, or helper programs. The Mac App Store did not verify if a sub-target’s BID
was identical to those belonging to other apps or their sub-targets. An attacker could have used a malicious
app with sub-targets that included BIDs belonging to other apps or their sub-targets. This could have allowed
the malicious app to gain full access to another app’s container.
• Inter-process communication (IPC) interception vulnerability: A further vulnerability lay in the fact that
that cross-app IPC channels on Mac OS X and others deployed across platforms such as WebSocket contain
flaws which exposed critical information. For example, WebSocket is used to establish a connection between
a server and a client. A malicious app could have claimed the port used by a legitimate application and
intercepted data intended for it, such as passwords or other sensitive information.
• Scheme hijacking vulnerability: The fourth vulnerability related to the URL scheme that apps use to pass
data to another app. For example, URLs beginning with “mailto” direct data to the Mail app. The vulnerability
allowed a malicious app to hijack a scheme, which meant data sent to the target app would have been received
by the malware instead. This could have facilitated the theft of access tokens and other information.
All apps distributed on the official Mac App Store and iOS App Stores are vetted by Apple and only the ones
verified as safe are accepted. However, the researchers created a proof-of-concept malicious app which passed
the vetting process and was briefly available on the Mac App Store before it was removed.
The vulnerabilities were reported to Apple in October 2014 and the company said it would require six months to
roll out fixes. Apple subsequently released a server-side patch for the Mac App Store which blocked malicious
apps exploiting any of the XARA vulnerabilities. The company said that additional fixes were in progress.
Privilege escalation vulnerabilities
Two privilege escalation vulnerabilities were discovered by Italian researcher Luca Todesco in August 2015.
The findings attracted some publicity after the researcher posted a PoC exploit to GitHub. Todesco said that he
reported the issue to Apple a few hours before making it public.
The exploit took advantage of two different vulnerabilities to create a memory corruption in the Mac OS X kernel.
This in turn was exploited to bypass security features that blocked the exploit code from running, providing the
attacker with root access to the computer.
The vulnerabilities affected Mac OS X version 10.9.5 (Mavericks) to 10.10.5 (Yosemite). The flaw was patched in
the latest version, OS X 10.11 (El Capitan).
These vulnerabilities came to light days after Apple patched another privilege escalation vulnerability. The
DYLD_PRINT_TO_FILE vulnerability (CVE-2015-3760) enabled a malicious file to gain root access to an affected
computer, allowing it to install other unauthorized software.
Extensible Firmware Interface (EFI) vulnerability
In addition to vulnerabilities in Mac OS X itself, a number of security flaws affecting the firmware of Mac
computers, known as the Extensible Firmware Interface (EFI), were also discovered in 2015.
One of the most notable of these vulnerabilities was the Apple Mac OS X EFI Firmware Security Vulnerability
(CVE-2015-3692) which was disclosed by security researcher Pedro Vilaca in May 2015. He discovered that a
flawed energy conservation implementation on a wide range of Mac computers left flash memory protections
22. Page 22
The Apple threat landscape
unlocked after they woke up from sleep mode. This meant that an attacker could have reflashed the computer’s
BIOS to install EFI rootkit malware.
If left unpatched, the CVE-2015-3692 vulnerability could have been remotely exploited by an attacker if used in
conjunction with another exploit that provides root access. Once an attacker had this access, the only condition
required for a successful exploit was that the computer entered sleep mode.
Apple released the Mac EFI Security Update 2015-001, which simultaneously patched CVE-2015-3692 and the
“Rowhammer” memory corruption vulnerability (CVE-2015-3693), which affected some types of DRAM used on
Mac computers.
Thunderstrike vulnerabilities
A number of other vulnerabilities that hit the headlines in recent times also affected firmware on a range of Mac
OS X computers. In December 2014, researcher Trammell Hudson demonstrated that malware could be installed
on the EFI boot ROM of Apple computers using the Thunderbolt port.
Hudson created a bootkit as a PoC, calling it “Thunderstrike”. The bootkit could be installed on vulnerable Macs
within minutes by anyone with physical access to the computer. Furthermore, the malware could spread by
copying itself to any Thunderbolt devices connected to the infected computer.
Apple patched the vulnerability (CVE-2014-4498) with the release of OS X Yosemite 10.10.2 and Security Update
2015-001.
Following on from this issue, another related vulnerability was uncovered in August 2015 when Hudson and
fellow researcher Xeno Kovah developed another PoC worm capable of infecting the firmware of MacBooks.
Dubbed “Thunderstrike 2”, this worm was far more dangerous than the original Thunderstrike since it could be
installed remotely. The worm spread itself by infecting the option ROM on attached Thunderbolt peripherals,
which may then be connected to other vulnerable computers.
Apple partially patched the vulnerability in June as part of the Mac EFI Security Update 2015-001.
Root Pipe vulnerability
Another major flaw to emerge in 2015 was the Root Pipe vulnerability (CVE-2015-1130). The issue was
discovered by security researcher Emil Kvarnhammar, who found that the admin framework in Mac OS X
contained a back door API to root privileges. A successful exploit could allow an attacker to gain administrative
privileges without properly authenticating.
The flaw was patched with the release of OS X 10.10.3.
23. The number of
new vulnerabilities
found in iOS in
recent years has
been lower than
in its desktop
equivalent.
IOS VULNERABILITIES
24. Page 24
The Apple threat landscape
iOS vulnerabilities
The number of new vulnerabilities found in iOS in recent years has been lower than in its desktop equivalent.
However, the amount of vulnerabilities being found annually has trended upwards over the past four years.
Between 2011 and 2014, the amount of vulnerabilities affecting iOS has exceeded those that were documented
for its main competitor, Google’s Android. That trend has reversed in 2015 as so far, new Android vulnerabilities
have outstripped iOS.
While a number of Mac OS X vulnerabilities have attracted public attention over the past year, no flaw affecting
iOS alone has caused high levels of alarm. Generally speaking, the most serious vulnerabilities impacting iOS
tend to be cross-platform issues, occurring in technologies used in both iOS and Mac OS X. For example, the
aforementioned four XARA vulnerabilities affected Apple’s mobile and desktop operating systems.
Nevertheless, iOS has begun to attract more attention from vulnerability researchers since a market for zero-day
bugs affecting the platform has begun to develop. For example, one month after it offered a US$1 million bounty
for a jailbreak of iOS 9.1, zero-day broker Zerodium confirmed that it was paying out to a team of researchers
who uncovered a browser-based, untethered exploit.
Aside from the fact that the exploit can be triggered by visiting a specially crafted website, Zerodium didn’t
reveal much about the flaw. Zerodium has described its customers as “major corporations in defense,
technology, and finance” as well as “government organizations in need of specific and tailored cybersecurity
capabilities.”
Figure 9. iOS and Android vulnerabilities discovered by year
25. Page 25
The Apple threat landscape
AirDrop vulnerability
Another recent cross-platform vulnerability to gain public attention occurred in AirDrop, an Apple wireless file
transfer protocol. The flaw could have allowed an attacker to install malware on vulnerable iOS and Mac OS X
devices simply by sending them a file. The vulnerability was deemed critical, as the target did not have to accept
the file sent by the attacker for the exploit to trigger.
The vulnerability was discovered by Australian researcher Mark Dowd, who found that attackers were able to
send a malicious file to any AirDrop-enabled device within range. Once the malicious file had been received, it
could have then installed malicious software on the targeted device by taking advantage of a vulnerability in
security checks, making the device act as if it had already marked the malware’s certificate as trusted. In Dowd’s
PoC attack, he replaced an iPhone’s Phone app with another, non-functioning app.
Because the attack involved a signed app that was marked as trusted, the malicious software was granted
extensive permissions, such as the ability to read contacts, use the camera, or capture location information.
Following discovery of the vulnerability, Apple incorporated additional security measures into the latest versions
of Mac OS X and iOS, adding a sandbox to the AirDrop application and limiting the access it has to other parts of
the operating system.
Apple ID security
The Apple ID is a credential used to sign into a broad range of Apple services, including the iTunes Store, the
App Store, iCloud, and iWork. Given that the credential helps provide access to such a range of services, it is not
surprising that it has attracted the attention of attackers, resulting in campaigns involving the theft of Apple IDs.
A stolen Apple ID and password can be used to purchase music, movies, or software, with the owner’s payment
card charged for the purchases. They can also be used to access personal information, such as files and photos
backed up in iCloud.
The most high-profile Apple ID incident occurred during August 2014, when hundreds of private photos
belonging to celebrities were released on the internet. The attackers were believed to have accessed the public
figures’ Apple credentials, stealing any photos that the victims may have backed up on iCloud.
Following speculation that iCloud may have been compromised, Apple has said that it has found no evidence of
a breach in any of its systems including iCloud or Find my iPhone. The company concluded that the leak was the
result of phishing, “a very targeted attack on user names, passwords and security questions, a practice that has
become all too common on the internet”.
Following the leak, Apple moved to allay privacy concerns. In a statement published on the Apple website,
chief executive Tim Cook said that security and privacy were fundamental to the design of Apple products and
services.
“Two-step verification, which we encourage all our customers to use, in addition to protecting your Apple ID
account information, now also protects all of the data you store and keep up to date with iCloud,” Cook said.
Apple also moved to counter brute-force attacks against iCloud accounts after a proof-of-concept attack tool
called iDict was released on GitHub. The tool’s author said it could bypass account lockout restrictions and
secondary authentication on any Apple account. Apple immediately enforced rate limiting for login attempts
such as those generated using iDict.
27. Page 27
The Apple threat landscape
Conclusion
• The success of Apple devices has generated increased interest among attackers, as a growing number of
malicious actors are developing threats for Apple platforms.
• Symantec telemetry has shown a significant upsurge in malware infections on Mac OS X computers since
midway through 2014.
• While the number of Symantec detections on Mac OS X computers has increased dramatically over the past
year, a significant amount of this spike is attributed to nuisance applications, such as adware, and potentially
unwanted or misleading applications.
• Although still small in terms of overall numbers, the amount of new Mac OS X malware discovered annually has
been trending upwards over the past five years.
• The amount of iOS malware discovered to date remains quite small. Jailbroken devices present more
opportunities for compromise, as many threats are designed to take advantage of jailbroken phones.
Protection
Both Symantec and Norton offerings provide a robust set of protection technologies for computers running
Apple OS X. These include:
• Network-based protection technologies. Scanning network traffic entering and leaving a computer running
OS X, these technologies (a firewall and an enterprise-grade Intrusion Prevention System [IPS]), are able to
reconstruct application layer protocols on the fly to support looking for signs of malicious activity contained
within and block as appropriate. This provides the ability to generically block attempts at exploiting known
vulnerabilities.
• File-based protection technologies. The traditional file-based antivirus (AV) engines use a set of detection
technologies to scan files looking for malicious content contained within. Included are real time scanning
capabilities to monitor all file creation and modification activities to detect the first signs of malicious activity.
These technologies provide a robust defense against all known OS X malware.
Details on Symantec protection offerings, including Symantec Endpoint Protection for OS X can be found here:
https://www.symantec.com/endpoint-protection
Details on Norton protection offerings, including Norton Security, can be found here:
www.norton.com/products
29. Page 29
The Apple threat landscape
Appendix
Mac OS X threats
Table 1. Threats and security risks targeting Mac OS X computers from 2006 to 2015
Malware Type Discovery date
OSX.Leap.A Worm February 16, 2006
OSX.Inqtana.A Worm February 17, 2006
OSX.Inqtana.B Worm February 22, 2006
OSX.Exploit.MetaData Trojan May 31, 2006
OSX.Exploit.Launchd Trojan June 30, 2006
OSX.Macarena Virus November 2, 2006
OSX.RSPlug.A Trojan October 31, 2007
OSX.Saprilt.C Trojan June 23, 2008
OSX.Klog.A Trojan June 25, 2008
OSX.Lamzev.A Trojan November 13, 2008
OSX.Iservice Trojan January 22, 2009
OSX.Iservice.B Trojan January 27, 2009
OSX.Tored@mm Worm May 5, 2009
Spyware.AoboKeyLogger Spyware October 27, 2009
OSX.Loosemaque Trojan November 3, 2009
OSX.HellRTS Trojan April 19, 2010
OSX.Keylogger Spyware April 19, 2010
OSX.Remoteaccess Remote Access Trojan April 19, 2010
OSX.Musminim Trojan February 27, 2011
MacProtector Misleading Application September 5, 2011
OSX.Imuler Trojan September 25, 2011
OSX.Revir Trojan September 25, 2011
OSX.Flashback Trojan September 30, 2011
OSX.Tsunami Trojan October 26, 2011
OSX.Coinbitminer Trojan November 1, 2011
OSX.Imauler Trojan March 21, 2012
OSX.Macontrol Trojan March 30, 2012
OSX.Flashback.K Trojan April 9, 2012
OSX.Sabpab Trojan April 13, 2012
OSX.Olyx.B Trojan April 18, 2012
OSX.Flashback.L Trojan April 24, 2012
MacDefender Misleading Application July 2, 2012
OSX.Crisis Trojan July 25, 2012
OSX.Dockster Trojan December 9, 2012
OSX.Getshell Trojan February 2, 2013
OSX.Netweird Trojan February 2, 2013
OSX.SMSSend Trojan February 2, 2013
OSX.FakeCodec Adware February 3, 2013
OSX.Dockster.A Trojan February 14, 2013
OSX.Pintsized Trojan February 20, 2013
OSX.Okaz Adware April 18, 2013
30. Page 30
The Apple threat landscape
OSX.Kitmos Trojan May 16, 2013
OSX.Hackback Trojan May 18, 2013
OSX.Janicab Trojan July 15, 2013
OSX.Olyx.C Trojan September 12, 2013
OSX.Seadoor Trojan September 18, 2013
OSX.Hormesu Trojan September 30, 2013
OSX.Aniulisi Trojan January 31, 2014
OSX.Apptite.A Trojan February 17, 2014
OSX.Stealbit.A Trojan February 26, 2014
OSX.Stealbit.B Trojan April 18, 2014
OSX.SearchProtect Misleading Application June 30, 2014
OSX.Freezer Trojan August 27, 2014
OSX.Laoshu Trojan August 27, 2014
OSX.Slordu Trojan September 5, 2014
OSX.Luaddit Trojan October 3, 2014
Genieo Potentially Unwanted App October 7, 2014
OSX.Ventir Trojan October 19, 2014
OSX.Wirelurker Trojan November 6, 2014
OSX.Trojan.Gen Trojan November 26, 2014
OSX.Adware.Gen Adware December 31, 2014
OSX.PUA.Gen Potentially Unwanted App December 31, 2014
OSX.Malcol Trojan January 5, 2015
OSX.Malcol.2 Trojan February 12, 2015
OSX.Genieo!gen1 Potentially Unwanted App May 18, 2015
OSX.MACDefender!gen1 Potentially Unwanted App June 3, 2015
OSX.Searchprotect!gen1 Potentially Unwanted App June 3, 2015
OSX.Backloader Spyware Trojan July 3, 2015
OSX.Dropper Trojan July 3, 2015
OSX.Sudoprint Trojan August 4, 2015
OSX.Codgost Trojan September 18, 2015
OSX.CnetDownloader Potentially Unwanted App October 21, 2015
OSX.Ransomcrypt Trojan November 9, 2015
31. Page 31
The Apple threat landscape
iOS threats
Table 2. Threats and security risks targeting iOS devices from 2009 to 2015
Malware Type Targets jailbroken devices only? Discovery date
IOS.Ikee Worm Yes November 10, 2009
IOS.Ikee.B Worm Yes November 22, 2009
IOS.Finfish Trojan Unknown August 30, 2012
IOS.Passrobber Trojan Yes April 22, 2014
IOS.Fitikser Trojan Yes October 2, 2014
IOS.Lastacloud Trojan Yes December 12, 2014
IOS.Xagent Trojan Yes February 5, 2015
IOS.Oneclickfraud Trojan No May 31, 2015
IOS.Keyraider Trojan Yes August 31, 2015
iOS.Specter Trojan No October 5, 2015
IOS.Muda Adware Yes October 9, 2015
IOS.Crisis Trojan Yes October 18, 2015
IOS.Codgost Trojan No November 4, 2015