An anonymous reader writes: Researchers at Palo Alto Networks are reporting about a new iOS malware that could infect non-jailbroken devices without a user's consent. Dubbed "AceDeceiver," the iOS malware exploits a flaw in Apple's DRM software. The researchers claim that the iOS malware could technically infect any type of iOS device, provided a user downloads a third-party app. From the blog post on Palo Alto Networks' website, "AceDeceiver is the first iOS malware we've seen that abuses certain design flaws in Apple's DRM protection mechanism -- namely FairPlay -- to install malicious apps on iOS devices regardless of whether they are jailbroken. This technique is called "FairPlay Man-In-The-Middle (MITM)" and has been used since 2013 to spread pirated iOS apps, but this is the first time we've seen it used to spread malware."
The aforementioned malware required users to download a compromised Windows application. Apple has removed three offending apps from the App Store, and it appears that only users in China were targetted.