
Can new iOS updates remove malware that may be on your phone

I wanted to ask this question since I think I might have never seen anyone talk about this and was hoping that someone could answer this question that is running through my head. Can a new iOS update remove malware that may be on your Apple Device?

iPad (5th gen) Wi-Fi

Posted on Jul 8, 2021 8:19 AM

Question marked as Top-ranking reply

Posted on Jul 8, 2021 8:39 AM

Persistent malware (that can survive a reboot) is fairly rare, and I’ve not heard of malware that can survive an update.


Usual “malware” is not installed apps, but rather authentication or access vulnerabilities including password problems and password re-use, phishing and spear-phishing, lack of two-factor authentication usage, and sometimes SIM cloning and swapping and the occasional SS7 debacle.


From what I’m encountering around here and elsewhere, it’s the humans (us) that are being targeted. Less so our devices. We’re awash in phishing and data-collection apps and not classic malware for no small reason. Because fooling us and hacking us—you and me, and not our devices—is both easier, and far more effective.


Now is there iPhone malware? Absolutely. Yes, there is. But at least so far, it’s been very targeted. Dissidents, political activists, senior government folks, people with access to money or sensitive data, or ilk, there are different considerations. For the rest of us, not so much—keep current, enable two-factor, robust and unique passwords, encrypted connections and data, and just the ongoing slog of maintaining our own security.


Jul 8, 2021 8:22 AM in response to johnnyboyyyyy

Short answer - no.


In more detail…


Due to the system architecture of iOS/iPadOS, unless jailbroken (don’t go there!), your iPad is not susceptible to traditional malware infection per se. However, as with all computer systems, there are still vulnerabilities and exploits to which you remain vulnerable.


Be wary of the myth that Apple devices are immune to malware; those that perpetuate this untruth do not fully comprehend the broader threat landscape. Consider that if the myth (and over-generalisation) were true, Apple would not need to expend considerable resources in developing and issuing regular security updates and patches for their products.


While your iPad is unlikely to be directly infected by malware, it is still possible to easily download an “infected” file to the iPad - which if transferred elsewhere still has the capacity to infect other computer systems with malware. As such, as executable code for iPad is only available from the App Store, it makes no sense to attempt to download these materials from other sources. 


Should you wish to add a degree of useful protection to your iPad, whilst acknowledging that there are no bona-fide anti-virus products for iOS/iPadOS, there are a small number of Apps which do add useful defences. Browser and network-based attacks can largely be mitigated by installing a good, Content and Ad-blocking product. One of the very best and most respected within the Apple App Store - designed for iPad, iPhone and Mac - is 1Blocker for Safari.

https://apps.apple.com/gb/app/1blocker-for-safari/id1365531024


1Blocker is highly configurable - and crucially does not rely upon an external proxy-service of dubious provenance. All processing takes place on your device - and contrary to expectations, Safari will run faster and more efficiently. 


Unwanted content is not simply filtered after download (a technique used by basic/inferior products), but instead undesirable embedded content is blocked from download. A further benefit on metered services, such as cellular connections where your data may be capped or chargeable, is that this not only improves speed but also saves you money.


1Blocker has also introduced its new “Firewall” functions - that are explicitly designed to block “trackers”. Being implemented at the network-layer, this additional protection works across all Apps.


A further measure to improve protection is to use a trusted Recursive DNS Service in preference to automatic settings. This can either be set on a per-device basis in Settings, or can be set-up on your home Router. I strongly recommend using one of the following services - for which IPv4 and IPv6 server addresses are listed:


Quad9 (recommended)
9.9.9.9
149.112.112.112
2620:fe::fe
2620:fe::9

OpenDNS
208.67.222.222
208.67.220.220
2620:0:ccc::2
2620:0:ccd::2

Cloudflare+APNIC
1.1.1.1
1.0.0.1
2606:4700:4700::1111
2606:4700:4700::1001


Use of the above DNS services will help to shield you from “known bad” websites and URLs - and when used alongside 1Blocker, or other Content Blocker provides defense in depth.


There are advanced techniques to further “harden” iOS/iPadOS, but these are perhaps beyond the immediate skills of novice users.


I hope this information and insight proves to be helpful. 






Jul 8, 2021 9:17 AM in response to MrHoffman

Thanks for the reply! To clarify things about your response,


  • This question all started from a weird .html file (Please check the first reply, where I gave a long explanation)
  • It redirected me to a weird but secured website (Again, the explanation of this is in the first reply I gave) but there was nothing weird that happened (for now)


More of the things that I hope you will respond to after I clarified what happened are in the first reply I gave, but thank you for the answers you have given.


Jul 8, 2021 9:06 AM in response to LotusPilot

Thanks for the response! But I hope this will clarify things on why I asked this question


I was browsing on My Files (app) when I saw a weird .html file. I decided to check it out and it said the following:


Oh no! Pinterest is not working. Please enable Javascript to continue.


And since there was a blue text on the word “Javascript”, I decided to look at it.


It wanted me to go to a website called

www.enable-javascript.com (btw I do not recommend clicking on the link but it was a secured site and there were said to be “No current threats found” on the Google Transparency report)


I was relieved that it was a secured website but there was still a part of me that wondered that it might carry malware. And so I decided to look at malware-related posts and I thought about the question that I asked.


2. My device isn’t jailbroken (but like you said that it doesn’t mean that you are entirely safe) and after it happened, I immediately cleared history and website data and removed the sketchy .html file


And lastly (and more of another question), since this whole thing started because of a weird link, can a link (even if it is stated as a secured website) carry malware to your device?


Hope this reply helps with your next response.

Jul 8, 2021 9:34 AM in response to johnnyboyyyyy

First and foremost, just because a website is “secured” with SSL/TLS, does not make the site safe - nor trustworthy! Any website can include potentially malicious links or embedded exploits. And yes, whilst the iPad may not be affected by a malware-infected download, your iPad can easily harbour files that may infect other computing platforms.


For iOS/iPadOS, JavaScript support is enabled from iPad Settings - and not via a website link:

Settings > Safari > Advanced > JavaScript - set to ON


The .html file that you identified using the native Files App was likely downloaded/saved by you. There are several ways that this file might have come to exist, but it is impossible to provide a definitive answer as to how it found its way onto your iPad. It is safe to say, however, that manually deleting the file will not harm your iPad.


On the basis of your posts, there are perhaps two take-away lessons…


1) You clearly know enough that you should be able to identify potentially “bad” links; you will understand that legitimate executable code can only be downloaded from the App Store. As such, tame your curiosity - and avoid links that suggest running executable code.


2) You are clearly a candidate for adding some useful protective measures to your iPad. Whilst there are no bona-fide AntiVirus products for iOS/iPadOS, the two specific defences that I’ve already outlined in my initial reply will add a considerable layer of protection.








Jul 8, 2021 9:55 AM in response to LotusPilot

Thanks for the added response, I will check from time to time the status of my device if something happened after that incident.


Correction:

It was a javascript checker from a website if javascript was enabled or not and not a website that is said to open javascript but I think it doesn't matter.


I do still wonder what you meant to say about executable code. Can it (the executable code) still trigger after you have cleared all history and website data, or even after erasing the content and returning it to “factory mode”?
