太惨了……OSX 中了 WireLurker，现在想自检 iPhone 6!

@DXpro 请问用的什么检测

@bullettrain1433 https://github.com/PaloAltoNetworks-BD/WireLurkerDetector

= =我也中招

@musicx Your OS X system isn't infected by the WireLurker. Thank you! 谢谢

@braineo 看完了文档, 并没有说中标的ios如何处理啊

@duoglas 有说啊，认真看看。越狱后的就把一个sfbase的文件删掉，未越狱的就去把不知名的profile删掉。越狱后的iOS因为可以会在app里植入木马，看看发行商对不对得上。未越狱的把企业部署的奇怪的APP删了就好了

@braineo 果然 刚才没看仔细 , 谢谢~!

Remediation
If WireLurker is found on any OS X computer, we recommend the deletion of
respective files and removal of applications reported by the script. As of the
publication date of this report, the iOS component of WireLurker is only spread
through an infected Mac computer; accordingly, if WireLurker is found on a Mac, we
recommend inspection of all iOS devices that have connected with that computer.
A quick check for iOS devices includes determining whether any unauthorized
enterprise provisioning profiles were created by navigating to “Settings -> General
-> Profile”. If an anomalous profile is found, it should be removed and a subsequent
check of all applications should be performed. Delete any strange applications found
on the device. For jailbroken devices, we recommend that you check whether the file
“/Library/MobileSubstrate/DynamicLibraries/sfbase.dylib” exists. If so, you should
delete it through a terminal connection, via an application like MobileTerminal or
Secure Shell (SSH).

[+] Your OS X system isn't infected by the WireLurker. Thank you!


https://github.com/PaloAltoNetworks-BD/WireLurkerDetector

以前我还专门去找这个麦客孤独的D版软件。。。。现在我基本全换成正版了。。太恐怖了

@duoglas 8.1系统设置中的通用中没发现“Profile”

@zeroday 那就说明ok了

中招已修复;-)

@duoglas 哦，明白了，thank you.

@zeroday 用 xcode 查看删除（或者 iPhone Configuration Utility 也可以）。如果没有越狱的话，删不删那个证书无所谓，因为已经被苹果屏蔽了。

@dotpig 试了一下您推荐的方法，请教一个问题，iPhone Configuration Utility签发de证书怎么不被信任的呢？

@zeroday 到 Keychain 里面，把 iPhone Configuration Utility 证书设为始终信任就可以了。