Apr 24, 2015 · 2 minutes

Researchers are hell-bent on disproving the notion that Apple's products can't be hacked, manipulated, or screwed around with like competitive offerings.

First, Skycure revealed at the RSA Conference that someone could create "no iOS zones" that crash iPhones and iPads by exploiting a bug in Apple's software. As the security researchers explained in a blog post about the crippling hack:

Envision a small device, which automatically captures any iOS device in range and gets it to join a fake network. Then, it issues the attack and crashes attacked iOS devices again and again. Victims in range cannot do anything about it. Think about the impact of launching such an attack on Wall Street, or maybe at the world’s busiest airports, or at large utility plants. The results would be catastrophic.
Then another researcher, Synack' Patrick Wardle, said that "It’s trivial for any attacker to bypass the security tools on Macs." Threatpost described Apple's security features, and explained how Wardle would bypass them, in a blog post:
'Gatekeeper doesn’t verify an extra content in the apps. So if I can find an Apple-approved app and get it to load external content, when the user runs it, it will bypass Gatekeeper,' Wardle said in a talk at the RSA Conference here Thursday. 'It only verifies the app bundle.'

Backing up Gatekeeper is XProtect, Apple’s anti-malware system for OS X. Malware isn’t a massive problem for OS X, but there definitely are some well-known families out there, with more being created all the time, Wardle said. Getting past XProtect turns out to be just as simple as bypassing Gatekeeper. Wardle found that by simply recompiling a known piece of OS X malware, which changes the hash, he could get the malware past XProtect and execute it on the machine. Even simpler, he could just change the name of the malware, which also lets it sneak in under the fence. Of course, it's not as if everyone at the RSA Conference is focused exclusively on proving Apple's devices aren't secure. There's certainly a degree of bias here in that leading with Apple's problems is much more interesting than, say, the Internet of Things'.

But that doesn't mean these aren't serious vulnerabilities. Apple often gets a pass on security because the App Store isn't filled with malware, which makes it harder for someone to gather information from an iPhone or iPad, for instance. Yet that doesn't mean there aren't other ways to compromise the products.

Put another way: Android has to contend with reports about its problems, from researchers' ability to collect information about someone's location based on how much battery an app uses to reports of new and exciting types of malware, all year. This week has been Apple's time to stand in the spotlight.