"Rollout" Patching Tool Became Problem For iOS App Developers

Hackers Abused The iOS App Patching Tool "Rollout" Prone

One more hot-patching solution for iOS applications have analyzed by researchers at security firm FireEye. And also, this solution is abused by the hackers who created malware in the harmless apps.

Even the Ios application developers also designed its updates and hotfixes for this software which is easily available in the Apple App Store that is designed with a strict security and integrity verification process.

But some companies as well as the independent developers that have also created their tools in which there is no need to update process because due to the update process this will be problematic for users especially at that time when it fixes need to be pushed out quickly.

While these solutions can be useful because they allow the developers to fix out the problems by easily roll out in which it will be adding a few lines of code into their applications.

 Even the FireEye has warned by the attackers that they insert malicious code into the harmless apps after passing their  Apple’s inspection.

The security firm analyzed JSPatch which is  an open source hot-patching tool that is designed on top of the Apple’s JavaScriptCore framework in January. And JSPatch has been detected more than 1,200 apps that are available in the App Store.

On Monday, FireEye published the researcher’s results in which they are targeting on a similar solution that is known as Rollout.io.

Whereas Rollout is a suitable tool that allows developers by which they can easily debug their products by using the remote code-level access to the live app. 

By using technologies as well as techniques just like debug symbol(dSYM) files, the JavaScriptCore framework and method swizzling, Rollout enables developers that carry out from a wide range of modifications.

Researchers reported that they are detecting the use of Rollout in 245 apps discovered in the App Store and the developer also says that its solution is recently running on 35 million devices. Whereas JSPatch is mostly used by Chinese developers.

FireEye has published in a post in explaining that how attackers can use Rollout and Apple’s private APIs for accessing a camera of a device as well as  microphone and scan a phone to find that certain application which is installed as well as make calls to premium numbers and take screenshots. 

There are experts have explained about a scenario which is based on the theoretical attack in which a harmless iOS app that is developed to create the malicious activities but it also distinguished that these attacks have not been marked in the wild.

Even FireEye also announced about the findings of Rollout and the vendor is planning about a new version and of its product that will provide protection to the developers from accessing to the private iOS APIs and frameworks. 

Erez Rusovsky who is a CEO & co-founder of Rollout told SecurityWeek, “Rollout’s solution allows mobile companies to mitigate production quality and performance issues, Rollout.io is already running on 35 million devices and has proven invaluable for preventing app downtime, increasing app rating and improving the user experience.” 

Rusovsky also added that “As written in FireEye report, there are many ways developers can exploit Objective-C Runtime and bypass App Store review process with the intent of using Apple's private APIs. Nonetheless, Rollout is fully committed to preventing abuse of our technology and we are currently updating our systems to reject usage of Apple's private APIs. We thank Jing Xie and the rest of the FireEye team for their help in this matter.”