“Jekyll apps do not hinge on specific implementation flaws in iOS,” the paper explains. “They present an incomplete view of their logic (i.e., control flows) to app reviewers, and obtain the signatures on the code gadgets that remote attackers can freely assemble at runtime by exploiting the planted vulnerabilities to carry out new (malicious) logic.”
Assembling the malicious logic only at runtime evades both human reviewers and automated static analysis, which examines program code without executing it and therefore never sees the control flow the attacker later constructs.
The full Usenix paper is available here.