Thousands of iOS apps from the Apple App Store have a potentially "backdoored" version of an ad library that could allow hackers access sensitive data and functions on a device. In total 2,846 are affected.
Malicious functionality could be remotely controlled via JavaScript code on a remote server device.
Potential actions that could have been performed include capturing audio and screenshots, monitoring and uploading the devices location, and opening URL schemes to identify and launch other apps on the device.
Cybersecurity firm FireEye says that attackers could modify files in the app’s data container, and alter the app’s keychain, as well as prompting users to install non-App Store apps.
In a blog post, the researchers say: "While we have not observed the ad server deliver any malicious commands intended to trigger the most sensitive capabilities such as recording audio or stealing sensitive data, affected apps periodically contact the server to check for new JavaScript code."
The fear is that malicious JavaScript code that opens the potential backdoors could be downloaded and executed. By November 4th, FireEye had noted over 900 attempts to contact a server that could deliver the code and control the backdoors.
FireEye has contacted Apple about its findings.