![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
First, if you've upgraded to the latest iOS, v9, go to Settings/Cellular, and scroll all the way down. You'll see an option called Wi-Fi Assist. You'll probably want to turn it off. Last week I received a text that I was 3/4ths through my 10 gig monthly data plan, and I couldn't remember doing anything that could account for a huge spike in my plan usage. It was quite likely this option.
Obviously this only affects iPhone users and not iPad users, though it might if you have a cellular-enabled iPad.
The next is two bona fide malware packages for iPhones from China. It involves falling for porn banner ads that add a certificate manager that bypasses Apple's heretofore strong walled garden. The interesting thing about this particular exploit was that you didn't have to had jailbroken your phone for it to be vulnerable! Phones running iOS 8.3 or older are most vulnerable.
But that's just one of the two. And if you limit your porn viewing to browser-based sites, you're probably fine.
The second one is a lot more serious: some people found a way to hack the Xcode development system which is used to write most iOS programs. The issue is mainly Chinese: because of poor international internet speeds, lots of Chinese developers download the free Xcode development system from Chinese servers rather than from Apple direct, and those copies have been subverted.
Currently the tainted applications have been purged from the app store, and Apple is setting up more servers in China to better control the distribution of the Xcode system, which will improve things.
There was little that could be done to avoid this particular attack because the apps passed inspection by Apple and were allowed in to the app store. So the normal prohibition of only installing apps from trusted sources was subverted in a very clever way, and now defenses are being ramped up to prevent a similar exploit again.
But the perpetual problem is that it's not too difficult to defend against previous attacks. It's the next attack coming that's going to get through at least once.
http://www.wired.com/2015/10/iphone-malware-hitting-china-lets-not-next/
Obviously this only affects iPhone users and not iPad users, though it might if you have a cellular-enabled iPad.
The next is two bona fide malware packages for iPhones from China. It involves falling for porn banner ads that add a certificate manager that bypasses Apple's heretofore strong walled garden. The interesting thing about this particular exploit was that you didn't have to had jailbroken your phone for it to be vulnerable! Phones running iOS 8.3 or older are most vulnerable.
But that's just one of the two. And if you limit your porn viewing to browser-based sites, you're probably fine.
The second one is a lot more serious: some people found a way to hack the Xcode development system which is used to write most iOS programs. The issue is mainly Chinese: because of poor international internet speeds, lots of Chinese developers download the free Xcode development system from Chinese servers rather than from Apple direct, and those copies have been subverted.
Currently the tainted applications have been purged from the app store, and Apple is setting up more servers in China to better control the distribution of the Xcode system, which will improve things.
There was little that could be done to avoid this particular attack because the apps passed inspection by Apple and were allowed in to the app store. So the normal prohibition of only installing apps from trusted sources was subverted in a very clever way, and now defenses are being ramped up to prevent a similar exploit again.
But the perpetual problem is that it's not too difficult to defend against previous attacks. It's the next attack coming that's going to get through at least once.
http://www.wired.com/2015/10/iphone-malware-hitting-china-lets-not-next/
