So, apparently they created an app with an enterprise certificate that has a transparent icon in the newsstand app.
The enterprise certificate (now revoked) bypasses the App Store review, as is well understood.
However, the app still needs permissions. It asks for permissions. So, if I'm reading correctly, it would require physical access to activate.
Not quite as scary as the title would show. I'd say "install" rather than "infect" because there seemingly, unless I missed something (which it's possible I did) there's no actual exploit involved.
If you let someone else run software on your device, and allow them to grant permissions, then obviously they can steal your data. The only reasons that make this notable are the enterprise certificate and transparent icon. (And of course the source)
So read the article, but the title is a tad misleading.
EDIT: Thinking about it some more, I should point out that the article is fairly well written. Also, we consider computer spyware that doesn't use an exploit an "infection", so I guess it's valid, but still misleading. Great and informative article though.
The enterprise certificate (now revoked) bypasses the App Store review, as is well understood.
However, the app still needs permissions. It asks for permissions. So, if I'm reading correctly, it would require physical access to activate.
Not quite as scary as the title would show. I'd say "install" rather than "infect" because there seemingly, unless I missed something (which it's possible I did) there's no actual exploit involved.
If you let someone else run software on your device, and allow them to grant permissions, then obviously they can steal your data. The only reasons that make this notable are the enterprise certificate and transparent icon. (And of course the source)
So read the article, but the title is a tad misleading.
EDIT: Thinking about it some more, I should point out that the article is fairly well written. Also, we consider computer spyware that doesn't use an exploit an "infection", so I guess it's valid, but still misleading. Great and informative article though.