March 16, 2016
Palo Alto Networks revealed today the existence of a new iOS trojan called AceDeceiver that can infect both jailbroken and non-jailbroken devices, leveraging a design flaw in Apple’s FairPlay DRM system.
This design flaw is not new. Called FairPlay Man-in-the-Middle, it was first observed in the wild in February 2013, when it was used to spread pirated apps, and was later presented in depth at the 23rd USENIX Security Symposium. AceDeceiver marks the first time a FairPlay MitM attack was used to spread malware.
FairPlay MitM is a simple MitM attack in which the attacker plays an intermediary role between the App Store and a user’s computer or iOS device.
When a user purchases an app from the App Store, they can optionally save it on their computer. To install the app later, the user requests and receives an authorization code from Apple through iTunes on their computer, which allows the app to be installed on one of their devices.