The jailbreak risk: new iOS virus specifically steals Apple IDs from jailbroken devices


Over the weekend, amid discussion and debate on Reddit, a user pointed out a new virus affecting iOS devices: Unflod. The virus causes jailbroken devices to crash repeatedly, steals the user's Apple ID information, and forwards it to the attacker's server.

Security expert Stefan Esser performed a static analysis of the malicious binary code found on the device. In his report he said that Unflod interferes with the SSLWrite function in the iOS security mechanism, scans the strings passing through it on the device to intercept the Apple ID and password, and sends that information to the attacker's server.

Esser also said the attack mainly targets 32-bit iOS devices, and no code for 64-bit devices has been found in the library. This would also mean that the iPhone 5S, the iPad Air and the iPad mini 2G will not be affected.

Reddit users have now put forward a corresponding way to detect and respond to it: open SSH/Terminal and search the folder /Library/MobileSubstrate/DynamicLibraries. If an Unflod.dylib file is found there, the device has been infected. Deleting this dynamic library file can temporarily prevent the information theft. However, because it is not clear how the file was installed, this approach is not necessarily a once-and-for-all fix.

For this reason, Esser suggests that users restore the system from its jailbroken state or change the password of the relevant ID.
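The detection check described above, as an added example (not from the original article or the Reddit thread): a POSIX shell function that looks for Unflod.dylib in the MobileSubstrate folder, matching the file name case-insensitively. The optional root-prefix argument (for examining an extracted filesystem copy instead of the live device) and the return codes are assumptions of this example.

```shell
#!/bin/sh
# Added example: look for the Unflod.dylib file named in the article.
# Usage on the device over SSH/Terminal:   check_unflod
# Usage on an extracted filesystem copy:   check_unflod /path/to/copy
# (the root-prefix argument is an assumption of this example)

SUBSTRATE_DIR="/Library/MobileSubstrate/DynamicLibraries"

# Return codes (chosen for this example):
#   0 = directory present, no Unflod.dylib
#   1 = Unflod.dylib present, treat the device as infected
#   2 = directory missing, nothing could be checked
check_unflod() {
    dir="${1:-}${SUBSTRATE_DIR}"
    if [ ! -d "$dir" ]; then
        echo "no such directory: $dir" >&2
        return 2
    fi
    status=0
    for f in "$dir"/*; do
        [ -e "$f" ] || continue          # empty directory: glob did not expand
        # Compare in lower case so a renamed-case copy is still caught
        name=$(basename "$f" | tr '[:upper:]' '[:lower:]')
        if [ "$name" = "unflod.dylib" ]; then
            echo "FOUND: $f"
            ls -l "$f"                   # size and timestamp for the incident record
            status=1
        fi
    done
    if [ "$status" -eq 0 ]; then
        echo "no Unflod.dylib in $dir"
    fi
    return "$status"
}
```

A return code of 1 only confirms the file is present; since the installation path is unknown, removing the file does not replace the restore or password change recommended above.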

It is understood that the program carrying the virus did not come from the official Cydia market, the "jailbreak App Store". This once again underlines the risk of installing applications from other sources.

Cydia's developer Jay Freeman (Saurik) has responded to the question of whether the virus came from a Cydia repository, saying the possibility is very small, and again said that he does not recommend users add URL paths in Cydia and install unknown programs.

Via: Ars Technica