Check Point: SideStepper: Anatomy of an iOS Vulnerability | Mobile Threat Prevention HD

For more information, visit: Report: IDC Technology Spotlight: Why Comprehensive Security Requires Mobile Threat Prevention: disclosed details about SideStepper, a vulnerability that can be used to install malicious enterprise apps on iPhone and iPad devices enrolled with a mobile device management (MDM) solution. The mobile research team presented details about this vulnerability at Black Hat Asia 2016 in Singapore on April 1, 2016.SideStepper is a vulnerability that allows an attacker to circumvent security enhancements in iOS 9 meant to protect users from installing malicious enterprise apps. These enhancements require the user to take several steps in device settings to trust an enterprise developer certificate, thereby making it harder to install a malicious app accidentally.However, enterprise apps installed using an MDM are exempt from these new security enhancements. An attacker can hijack and imitate trusted MDM commands on an iOS device, including over-the-air installation of apps signed with enterprise developer certificates. This exemption allows an attacker to side-step Apple‰Ûªs solution meant to thwart installation of malicious enterprise apps.