Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

JSPatch hot patching technique puts iOS users at risk

Security experts at FireEye are warning attackers can exploit the JSPatch hot patching technique to serve malicious code and put iOS users at risk The release of hot patches for apps already deployed in the official App Store is a time-consuming procedure that results frustrating for developers. Apple is aware of this drawback, for this reason […]

JSPatch hot patching technique puts iOS users at risk

Security experts at FireEye are warning attackers can exploit the JSPatch hot patching technique to serve malicious code and put iOS users at risk

The release of hot patches for apps already deployed in the official App Store is a time-consuming procedure that results frustrating for developers.

Apple is aware of this drawback, for this reason designed specific solutions to address the issue and make it easier for iOS app developers to release a hotfix patch without passing the strict controls implemented under the Apple’s review process.

Unfortunately, this ‘alternative’ process expose Apple users to the risk of cyber attacks.

The technology under scrutiny is JSPatch, experts at FireEye warn about possible abuse that could allow attackers to push malicious updates for mobile apps in the Official store.

According to the experts at FireEye, attackers could exploit the JSPatch technology to serve malicious updates that could allow the apps to carry out a number of malicious activities.

“The JSPatch technology potentially allows an individual to effectively circumvent the protection imposed by the App Store review process and perform arbitrary and powerful actions on the device without consent from the users. The dynamic nature of the code makes it extremely difficult to catch a malicious actor in action.” states a blog post published by FireEye.

JSPatch Apple apps

In one case presented as a proof-of-concept by the experts the attackers can exploit the iOS Pasteboard, commonly used to copy and paste content between different apps, exfiltrate personal data from victims mobile device.

There are two possible attack scenarios that exploit the JSPatch Framework, in one case malicious developers could initially deploy a harmless app on the store and later update it with malicious code through the JSPatch Framework, in a second scenario the attackers can run a Man-in-the-Middle attacks against a developer loads the framework via an unencrypted channel.

If you want further details on the JSPatch Framework and possible attack methods give a look to the post published by Fire Eye.

Pierluigi Paganini

(Security Affairs – JSPatch Framework, Apple)