Palo Alto Networks Researchers Discover Critical Safari 9.1 Vulnerability

Palo Alto Networks researchers were recently credited with the discovery of an Apple product vulnerability. Researchers Tongbo Luo and Bo Qu discovered a WebKit vulnerability (CVE-2016-4589) affecting Safari in Apple iPhone 4s and later, iPod touch (5th generation) and later, iPad 2 and later, and Apple TV (4th generation).

Pirated iOS App Store’s Client Successfully Evaded Apple iOS Code Review

Apple’s official iOS App Store is well known for its strict code review of any app submitted by a developer. This mandatory policy has become one of the most important mechanisms in the iOS security ecosystem to ensure the privacy and security of iOS users. But we recently identified an app that demonstrated new ways

The Threat Intelligence Research That Mattered to You This Year

Unit 42 did some incredible work in 2015 discovering, analyzing and disclosing malware – some new and others making a reappearance. Take a look below at some of their top threat intelligence research from this past year. XcodeGhost: Unit 42 analyzed XcodeGhost, which modifies Xcode and infects Apple iOS Apps, and its behavior. The team found that many popular iOS apps were infected,

iOS Trojan “TinyV” Attacks Jailbroken Devices

In October 2015, we discovered a malicious payload file targeting Apple iOS devices. After investigating, we believe the payload belongs to a new iOS Trojan family that we’re calling “TinyV”. In December 2015, Chinese users reported they were infected by this malware. After further research, we found the malware has been repackaged into several pirated

BackStab: Mobile Backup Data Under Attack from Malware

Today we are releasing a whitepaper describing how malicious actors are stealing private mobile device data by accessing local backup files stored on PC and Mac computers. We have identified 704 samples of six Trojan, adware and HackTool families for Windows® or Mac® OS X® systems that used this technique to steal data from iOS

More Details on the XcodeGhost Malware and Affected iOS Apps

A few days ago, we investigated a new malware called XcodeGhost that modifies Xcode, infects iOS apps and is seen in the App Store. We also found more than 39 iOS apps were infected, including versions of some pretty popular apps like WeChat or Didi, potentially affecting hundreds of millions of iOS users. We also analyzed

Novel Malware XcodeGhost Modifies Xcode, Infects Apple iOS Apps and Hits App Store

UPDATE: Since this report’s original posting on September 17, three additional XcodeGhost updates have been published, available here, here and here. On Wednesday, Chinese iOS developers disclosed a new OS X and iOS malware on Sina Weibo. Alibaba researchers then posted an analysis report on the malware, giving it the name XcodeGhost. We have investigated the malware to identify how it

KeyRaider iOS Malware: How to Keep Yourself Safe

Earlier this week we published an analysis of KeyRaider, which is an iOS malware family and a reminder of the risks users take when they choose to jailbreak their mobile devices. Attackers used KeyRaider malware to steal more than 225,000 Apple accounts. KeyRaider targeted only jailbroken Apple devices, primarily through Chinese websites and apps that

KeyRaider: iOS Malware Steals Over 225,000 Apple Accounts to Create Free App Utopia

Executive Summary: Recently, WeipTech was analyzing suspicious Apple iOS tweaks reported by users and found over 225,000 valid Apple accounts with passwords stored on a server. In cooperation with WeipTech, we have identified 92 samples of a new iOS malware family in the wild. We have analyzed the samples to determine the author’s ultimate goal

Learn More About WireLurker and the Impact to OS X and iOS

Recently Palo Alto Networks researcher Claud Xiao discovered WireLurker, a new family of Apple OS X and iOS malware with characteristics unseen in any previously documented threats targeting Apple’s popular desktop and mobile platforms. Much has happened since Claud’s discovery, so we’re pleased to present a new webinar covering WireLurker information and the potential impact
