All eyes on the jailbroken as iOS, Mac OS X threat level ratchets up

Number of new problems rising, says Symantec


The number of iOS threats discovered this year has more than doubled, from three in 2014 to seven so far in 2015, according to Symantec, with jailbroken devices being the focus of the majority of threats.

Of the 13 iOS threats documented by the technology security company in total, nine can only infect jailbroken devices.

Mac OS X threats are also on the rise, at least historically, according to the security giant. The number of new Mac OS X threats emerging is increasing year-on-year, rising by 15 per cent in 2014, according to Symantec.

This followed an increase of 44 per cent in 2013 and an increase of 29 per cent in 2012. Early indications are that the number of new threats on Apple’s desktop platform for 2015 may come out slightly lower than that in 2014 or 2013, but higher than in previous years.

However, the number of unique OS X computers infected with malware in the first nine months of 2015 alone was seven times higher than in all of 2014. This is partly driven by the increased popularity of Macs but mainly down to successful targeting by crooks.

Much of the spike is down to grayware, such as adware, or potentially unwanted or misleading applications, with threats from spyware and trojans also an increasing problem for Mac fans.

These threats stem from cybercrime gangs branching out to Apple platforms, as well as high-level attack groups such as the Butterfly corporate espionage crew infecting OS X computers in targeted organisations, and the Pawn Storm APT group creating malware capable of infecting iOS devices.

Symantec’s take on Apple desktop threats fits with a separate warning about a rising tide of Mac OS X malware from researchers at Bit9 + Carbon Black last month.

Bug count

The overall number of new Mac OS X vulnerabilities emerging has remained relatively steady in recent years, varying between a low of 39 and a high of 70 per year. The number of new Mac OS X vulnerabilities has generally been lower than the number of Windows vulnerabilities.

The greater market share Windows continues to enjoy means that the platform is more closely scrutinised by attackers and security researchers, a factor that may go a long way towards explaining the difference.

Elsewhere, the volume of vulnerabilities affecting iOS exceeded those that were documented for its main competitor, Google’s Android, between 2011 and 2014 (inclusive).

But that trend has reversed in 2015 so far, and new Android vulnerabilities have outpaced those in Apple’s iOS operating system for smartphones and tablets.

Although the total number of threats targeting Apple devices remains quite low compared with Windows on the desktop and Android in the mobile sector, Apple users can't be complacent, Symantec argues.

“Although still small in terms of overall numbers, the number of new OS X and iOS threats discovered annually has been trending upwards over the past five years,” Symantec researcher Dick O'Brien concludes in a blog post.

Users considering jailbreaking an iOS device should exercise caution, for example by educating themselves about the risks they may be exposed to, Symantec advises. The majority of iOS threats target jailbroken devices, and unofficial app stores are more likely to host trojanised apps, the firm adds, among other top tips covered in more depth in its blog post.

Symantec's 32-page white paper on the Apple threat landscape, which puts the whole issue under the microscope, can be found here (PDF). ®


Biting the hand that feeds IT © 1998–2021