Another one would be though an advertising network that implements JSPatch into its SDK (software development kit). If app developers would then include such an advertising SDK into their apps, it would give the advertising network the ability to abuse iOS APIs through their apps.
"The JSPatch technology potentially allows an individual to effectively circumvent the protection imposed by the App Store review process and perform arbitrary and powerful actions on the device without consent from the users," the FireEye researchers concluded. "The dynamic nature of the code makes it extremely difficult to catch a malicious actor in action."
Sign up for CIO Asia eNewsletters.