As the mobile malware epidemic has raged on the Android platform, people on iOS have been relatively safe.
There are many reasons why this is the case, but one of the chief reasons is Apple's claim that they keep their “walled garden” safe, meaning that they keep malicious code and malware from entering the closed iOS app ecosystem. Apple relies on this claim to back up their further claim that you don’t need security software for iOS devices: they’re already safe.
To date, Apple has been able to (mostly) back up this claim. The one or two times bad apps have snuck through their ecosystem, Apple has been able to move quickly to address the situation with little to no harm.
While there has been notable malware affecting iOS devices, like in Operation Pawn Storm, the affected iOS devices have either been jailbroken or used app stores other than Apple’s. To date, Apple’s claims that you don’t need to worry about malware and malicious code in apps from their App Store have proven true.
Until now, that is.
The recent news that the malicious code XcodeGhost made it into nearly 40 iOS apps and thus out to hundreds of millions of iPhone and iPad users is a watershed moment that calls into question the viability of “trust us, we’ve got it covered” as the sole means of protecting iOS users.
As of this writing, there is no indication that the malicious code has been used to actually compromise devices or steal information, and Apple says they are moving to address the issue. But the key point is that even if nothing happened this time, this shows that Apple’s “walled garden” strategy, while good, isn’t foolproof.
In security we say that a single point of failure is never a good thing. And this episode underscores the truth of that axiom even for iOS as a platform. Just because there’s not been a major malware incident on iOS to date doesn’t mean there will never be one. And this event shows a weakness in Apple’s “walled garden” strategy that other attackers have surely noted and will be testing in the future. It’s a good reminder that it makes sense to add an additional layer of security to your iOS devices by running security software on them, like Trend Micro’s Mobile Security for iPhone, iPod Touch, and iPad.
Please add your thoughts in the comments below or follow me on Twitter: @ChristopherBudd.