« Back to News

iOS Vulnerability Leaves iPhones Open To ‘Invisible Malicious Profiles’

A weakness in Apple’s iOS operating system could allow an attacker to spy on a victim’s phone and hide their illicit activity, using what are known as “invisible malicious profiles”.
In the basic threat, detailed last year, hackers trick users into downloading configuration profiles, XML files that contain settings to manage various iOS functions, including Wi-Fi and email.
But two “evolutions” of this threat were discussed by Israeli security firm Skycure at RSA 2014 conference today, one of which made the profiles invisible to the naked eye. Normally, a user can simply go to their profiles settings and delete any malicious ones, but a vulnerability in iOS could be exploited to make them invisible.