Ever since Steve Jobs revealed the first iPhone onstage at Macworld in 2007, users have taken for granted that the device is fortified against malware, at least as long as you didn’t jailbreak it.
On Wednesday, however, a security company called Palo Alto Networks reported of a new malicious bug called WireLurker, which worms its way into iOS devices “via USB with an infected OS X computer and installs” downloaded through third-party applications. (Hence the name: “wire lurker.”)
Now there’s good and bad news. The good news: The bug is largely contained to China, where it has been spotted infecting 467 OS X applications available through the Maiyadi App Store, a third-party Mac application hub popular in the country. Download the infected Mac app, plug in your iPhone, and not-good things happen.
The bad news: It represents a new way for malware to get into even non-jailbroken iPhones. “[T]his malware,” writes researcher Claud Xiao, and “combines a number of techniques to successfully realize a new brand of threat to all iOS devices.” Copycats could be on the horizon.
As for what the malware is capable of once it infects a device, it’s a laundry list of bad stuff: It can, per the New York Times, allow WireLurker’s creators to steal address books, read iMessages, and request unauthorized updates remotely. If you want to protect your phone, the best thing you can do is to keep your iOS and Mac OS software up-to-date from Apple directly, and to avoid downloading apps through third-party services.