Palo Alto Networks revealed today the existence of a new iOS trojan called AceDeceiver that can infect both jailbroken and non-jailbroken devices, leveraging a design flaw in Apple's FairPlay DRM system.

This design flaw is not new, it's called FairPlay Man-in-the-Middle, and was observed in the wild for the first time in February 2013, used for spreading pirated apps, and later presented in depth at the 23rd USENIX Security Symposium. AceDeceiver marks the first time a FairPlay MitM attack was used to spread malware. FairPlay MitM is a simple MitM attack in which the attacker plays an intermediary role between the App Store and a user's computer or iOS device.