Researchers are warning that hackers are increasingly targeting iOS devices tied to unvetted and mobile apps via methods like privilege escalation, the misuse of private APIs, and sideloading exploits that bypass Apple’s app review process entirely. More than 40,000 apps were found to be using private entitlements with 800+ relying on private APIs.
You can find out more here: https://zimperium.com/blog/preventing-malicious-mobile-apps-from-taking-over-ios-through-app-vetting
Erich Kron, security awareness advocate at KnowBe4, commented had this to say:
“Mobile devices are such an important part of our everyday lives, most of us can’t imagine living without them. They can be incredibly useful, especially with the use of so many great applications available. Unfortunately, people place a lot of trust in these application developers, and will even go out of their way to sidestep built-in security features to install potentially dangerous applications without considering the ramifications.
“The official app stores for most devices do a pretty good job vetting applications and removing or denying publication of those that are malicious or could be problematic, however even that is not foolproof. In some cases, the device owner is willing to bypass the safety features to install applications that seem especially useful or entertaining. Cybercriminals and bad actors take advantage of this desire and will work hard to market dangerous applications as useful, then use them to access bank accounts, steal passwords, and perform other dirty deeds. This can be especially problematic if the devices contain information from their employer or have access to the employers’ network.
“Individuals need to understand that official app stores are in place to protect them, and even with those officially approved applications, there have been issues where the application has turned out to be insecure, or malicious. Organizations should have policies in place to dissuade users from installing unofficial applications, and should ensure that mobile devices have controls in place to safeguard organizational information from potential bad actors.”
The best way to stay secure on the iOS platform is to only download apps from the App Store and be careful about what apps you choose to download even if they come from the App Store. That way the threat actors behind schemes like these can are less effective.
Like this:
Like Loading...
Related
This entry was posted on May 20, 2025 at 8:39 am and is filed under Commentary with tags Apple. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
40,000+ iOS Apps Exploit Private Entitlements
Researchers are warning that hackers are increasingly targeting iOS devices tied to unvetted and mobile apps via methods like privilege escalation, the misuse of private APIs, and sideloading exploits that bypass Apple’s app review process entirely. More than 40,000 apps were found to be using private entitlements with 800+ relying on private APIs.
You can find out more here: https://zimperium.com/blog/preventing-malicious-mobile-apps-from-taking-over-ios-through-app-vetting
Erich Kron, security awareness advocate at KnowBe4, commented had this to say:
“Mobile devices are such an important part of our everyday lives, most of us can’t imagine living without them. They can be incredibly useful, especially with the use of so many great applications available. Unfortunately, people place a lot of trust in these application developers, and will even go out of their way to sidestep built-in security features to install potentially dangerous applications without considering the ramifications.
“The official app stores for most devices do a pretty good job vetting applications and removing or denying publication of those that are malicious or could be problematic, however even that is not foolproof. In some cases, the device owner is willing to bypass the safety features to install applications that seem especially useful or entertaining. Cybercriminals and bad actors take advantage of this desire and will work hard to market dangerous applications as useful, then use them to access bank accounts, steal passwords, and perform other dirty deeds. This can be especially problematic if the devices contain information from their employer or have access to the employers’ network.
“Individuals need to understand that official app stores are in place to protect them, and even with those officially approved applications, there have been issues where the application has turned out to be insecure, or malicious. Organizations should have policies in place to dissuade users from installing unofficial applications, and should ensure that mobile devices have controls in place to safeguard organizational information from potential bad actors.”
The best way to stay secure on the iOS platform is to only download apps from the App Store and be careful about what apps you choose to download even if they come from the App Store. That way the threat actors behind schemes like these can are less effective.
Share this:
Like this:
Related
This entry was posted on May 20, 2025 at 8:39 am and is filed under Commentary with tags Apple. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.