Researchers have identified a new iOS vulnerability called “trustjacking,” which exploits a feature called iTunes Wi-Fi Sync to give attackers persistent control over victims’ devices.
Symantec researchers presented the vulnerability during a session at RSAC this week and said the vulnerability gives attackers the ability to record and control all activity on a device without being in the same room. Researchers disclosed the vulnerability to Apple, who has released a mechanism to safeguard devices from the vulnerability, they said.
All victims need to do to fall victim to this attack is approve their device’s connection to a malicious computer when syncing with iTunes, they said.