Jailbreaking greatly increases risk of iOS malware
The number of iOS malware threats discovered to date remains quite small, although it is beginning to increase, with seven new threats discovered in 2015, up from the previous high of three in 2014.
Figure 4. Number of new iOS threats documented by Symantec by year
Attackers targeting the operating system need to find a way to install malware on a device, which can represent a significant hurdle. Many threats are installed when the target connects their device to a compromised desktop computer. Jailbroken devices present more opportunities for compromise and many threats are designed to take advantage of jailbroken phones. Of the 13 iOS threats documented by Symantec to date, nine can only infect jailbroken devices .
Figure 5. Jailbroken devices present more opportunities for compromise
The overall number of new Mac OS X vulnerabilities emerging has remained relatively steady in recent years, at a rate of between 39 and 70 per year. In most years, the number of new Mac OS X vulnerabilities has been lower than the number of Windows vulnerabilities found. The greater numbers of Windows vulnerabilities may be reflective of the larger market share that the Microsoft operating system enjoys, prompting a greater level of scrutiny from attackers and security researchers.
Meanwhile, the amount of iOS vulnerabilities being found annually has trended upwards over the past four years. Between 2011 and 2014, the amount of vulnerabilities affecting iOS has exceeded those that were documented for its main competitor, Google's Android. That trend has reversed in 2015 as new Android vulnerabilities have outpaced iOS.
However, security researchers have begun to focus on vulnerabilities in Apple software and have uncovered a number of high-profile flaws in the last year. Zero-day brokers have begun offering bounties for Apple vulnerabilities, with US$1 million paid recently for a jailbreak of iOS 9.1. This is sure to add more impetus to researchers who are interested in looking at Apple systems for vulnerabilities.
Although still small in terms of overall numbers, the number of new OS X and iOS threats discovered annually has been trending upwards over the past five years. Given this trend, Apple users cannot be complacent about security. Awareness of common threats combined with properly securing Apple devices should minimize the risk of infection.
- Use a robust security suite and keep it updated.
- Keep your operating system and all other software up-to-date. Software updates frequently include patches to newly discovered security vulnerabilities that could be exploited by attackers.
- If you are considering jailbreaking an iOS device, exercise caution and educate yourself on the risks you may be exposed to. The majority of iOS threats target jailbroken devices and unofficial app stores are more likely to host Trojanized apps.
- Only install software from reputable sources. Some third-party OS X app stores have been found to host Trojanized software. Grayware, such as adware, and potentially unwanted or misleading applications are often bundled with installers for other applications.
- Delete any suspicious-looking emails you receive, especially if they include links and/or attachments. Don't even open them, just delete them. If they purport to come from legitimate organizations, verify with the organization in question first.
Sign up for CIO Asia eNewsletters.