Ne’er-do-wells have so far exploited holes in Apple’s FairPlay copy protection primarily to distribute pirated iOS apps, but it now looks like they’re turning their energy toward hurting users. Palo Alto Networks says it has discovered AceDeceiver, the first malware that uses FairPlay to infect its targets. Install a bogus iOS management utility for Windows (Aisi Helper) and the software will launch a man-in-the middle attack that grabs app authorization codes and uses those to install infected apps on any iOS device you connect to the system. Unlike many iOS attacks, this doesn’t require that the target use a jailbroken device — the apps are allowed to run as if they were completely legitimate.
It’s particularly sneaky, too. While Apple has already pulled relevant apps from the App Store, it doesn’t need them to stick around to work. Also, it’s not so easy for Apple to catch offenders in the approval process. The example apps purposefully limited their hostile behavior to users located in China, so App Store screeners in California weren’t likely to spot any malicious activity.
Palo Alto reported the issue to Apple in late February, but it’s not clear whether there’s a permanent solution in the works. We’ve reached out to Apple for details, and we’ll let you know if it has something to share. Either way, the practical risk is low in the short term — don’t install Aisi Helper or similar apps. The concern is that intruders will take advantage of inexperienced users, or that a more sophisticated future attack won’t require that you install a program first.