NoReboot bug?

I’m guessing many of you have seen a story or two about this. I was first given the heads up from a client who read about it on the Malwarebytes blog, and then found it covered on Mac Observer…

Have any of you heard anything more about it? Both the above articles are very vague, especially in how they have no truly helpful information regarding how to detect or remove it. Is it as big a deal as it sounds? Is there truly no way to ‘patch’ the issue?

I’m just surprised how the story is being treated…

First, I was surprised after reading the article that the title refers to it as “malware” when it was clearly a Proof of Concept and not an actual threat that had been found in-the-wild. That’s what I would call “click bait”, something I didn’t expect to see from Malwarebytes.

The original research on this subject is documented at https://blog.zecops.com/research/persistence-without-persistence-meet-the-ultimate-persistence-bug-noreboot/ if you want additional information.

So it doesn’t appear that there is anything that a user needs to do to detect or remove it at this time, but since the PoC has been made public, a malware developer may soon find a way to incorporate it into something that’s truly a threat, so it’s something I’m keeping my ear to the ground about.

Whether it can be patched or not is still an open question for me. It’s alleged by ZecOps, but not confirmed by anybody else to date and only Apple would be able to say so authoritatively, which they are unlikely to do unless they are able to prevent it with a future update.

Thanks Al!

I agree that the story, or at least Malwarebytes’ coverage of it, seemed kinda clickbaity.

What I don’t understand is how anything that involves “injecting code” can’t be “patched”. I’ll be very curious to hear if Apple ever responds to this…

FYI, this topic was discussed as part of another thread ‘Restarting iPhone with Apple Configurator’. No real answers at this time, but we did discuss aspects of the force-restart that is recommended if you think you have the malware.

Thanks for that too, Nalarider. I’ve played with Configurator minimally in the past; I guess it’s time to check it out again!