The recent discovery of mobile vulnerabilities targeting Apple devices, from XcodeGhost to YiSpecter, is altering the perspective that iOS devices are immune to security attacks.
The discovery of YiSpecter, the latest variant of malware aimed at compromising non-jailbroken Apple devices, led Palo Alto Networks researcher Claud Xiao to claim that the days of iOS devices being free from attack are "a thing of the past".
This view is reinforced by Aaron Cockerill, vice president of enterprise at mobile security firm Lookout, who told V3 that Apple products are increasingly being targeted by cyber criminals.
"From a sheer volume perspective we have seen an increased focus on iOS as a platform, for obvious reasons, as iOS is making significant inroads as being a successful productivity tool and platform for enterprise," he said.
The use of iOS within enterprises - something Apple itself is pushing - means the amount of sensitive information now held on devices makes them a worthwhile target, Cockerill notes.
"As Apple devices become more pervasive through the enterprise you are going to see bad actors identify more valuable information on those devices and an increase in the threats attacking that platform," he said.
"This stands to reason because the bad guys chase the money."
Greg Day, chief security officer at Palo Alto, agreed with this assessment, telling V3 that as mobile platforms, including iOS, become more embedded in everyday life, attackers will focus their efforts in these areas.
"There's surely got to be a tipping point which is as we start to use these services and more of our money is exchanged through smart devices and touchless payments the criminal is going to follow us there because that's where the revenue stream is moving to," he said.
"The simple reality is there is a significant supply chain ecosystem that is involved in the whole process. My expectation is that these supply chains seem to be getting ever larger and more complex, especially when we start to think about mobile and touchless payments.
"Nothing is invaluable and the more complexity we add into that the more opportunity there is for the attackers to find weak entry points."
Much of the threat, according to Cockerill, comes from the misuse of enterprise certificates as firms look to give staff the apps they need to do their job on the go.
"Most companies rolling out mobile devices for productivity very quickly realise that they want to deploy applications to help their employees do their jobs," Cockerill told V3.
"There are many instances now of misuse of those enterprise certificates. In fact, all of the most recent exploits found in the iOS ecosystem in the last 18 months have used enterprise certificates to distribute their malicious code.
"The only exception has been XcodeGhost, and that used a slightly different method."
XcodeGhost, uncovered last month by security researchers at Palo Alto, was malware lurking in fake versions of Apple's Xcode developer suite. This led developers to unknowingly create apps containing backdoors through which hackers could access user devices.
The affected applications, which included WeChat, an unofficial copy of the popular Angry Birds game titled Angry Bird 2 and messaging app Encounter, quickly forced Apple to clean up its official App Store.
However, Cockerill stressed that the estimated scope of XcodeGhost was exaggerated in some reports.
"There was a lot of hype around the initial number of applications that may have been infected. Our research indicated that it was a lot lower, around the same numbers that Apple was quoting," he said.
Moreover, the Apple ecosystem remains relatively strong when it comes to combating the introduction of malicious applications, according to Cockerill.
"I don't believe we are going to see big numbers of devices being compromised in the iOS ecosystem because it's flat out harder to extract information from iOS devices or attack the OS because Apple does a good job of containing its ecosystem," he said.
"That doesn't mean that it's not going to happen, but it means the approach that bad actors will take is more targeted and directed at the types of end goals they want to achieve."
Apple vs Android
It is generally accepted that the Android operating system is significantly more prone to vulnerabilities than iOS, and Cockerill explained that there is a clear distinction between the two.
"In the Android ecosystem there is a widespread variety of alternative app stores that have methods of relatively simple distribution of malicious code. That tended to not be the case in iOS since the only real alternative app stores existed only to jailbroken devices," he said.
However, the emergence of YiSpecter signifies that even non-jailbroken iOS devices can be under threat, especially if left unpatched.
YiSpecter, again uncovered by Palo Alto, is reportedly able to infect non-jailbroken devices by abusing private APIs in iOS to install malicious applications.
Once the device is infected, YiSpecter is able to download, install and launch arbitrary iOS applications, replace existing apps, display adware, change Safari's default search engine and upload device information to a command and control server.
Cockerill noted that businesses need to be more aware of mobile threats. "At the moment we are seeing a major shift from people using laptops as their primary productivity tool to using mobile devices," he said.
"Enterprises need to take the same approach that they had in the past to securing devices with keyboards to the current productivity tools which are far more mobile-oriented."
However, there is evidence to suggest that businesses are becoming more aware of the mobile threat. Recent Lookout research revealed that up to 90 percent of organisations surveyed were making mobile security a priority over the next 12 months.
Furthermore, despite the sudden spate of Apple attacks, security expert Graham Cluley believes that Apple malware overall is still in its infancy and that the platform remains far more secure than Android.
"Although recent developments in the world of iOS malware may rattle some users' confidence in the safety of the platform, it's worth remembering that the problem of malicious software is much more significant on the Android operating system," he said.
"Thousands of new Android malware samples are being discovered all the time. The good news for iOS users is that, for now at least, malware is a relative novelty."
In the move to El Capitan, Apple's latest Mac OS version, Apple released over 100 updates to fix security problems, and Apple users are likely to appreciate the security research being conducted to stay ahead of potential cyber exploits.
Nevertheless, the rise in mobile malware on Apple and Android should mean that businesses and general users are updating regularly to protect against potential threats.