{
	"id": "23d9ae0c-8824-4a07-a8c3-e269ecdf7d4a",
	"created_at": "2026-04-06T00:07:28.126269Z",
	"updated_at": "2026-04-10T13:12:41.915689Z",
	"deleted_at": null,
	"sha1_hash": "cf0123e176d2b2d023fd77c28a2be10bc98e7a73",
	"title": "STA-7 · Mobile Threat Catalogue",
	"llm_title": "",
	"authors": "",
	"file_creation_date": "0001-01-01T00:00:00Z",
	"file_modification_date": "0001-01-01T00:00:00Z",
	"file_size": 34319,
	"plain_text": "STA-7 · Mobile Threat Catalogue\r\nArchived: 2026-04-05 18:06:57 UTC\r\nMobile Threat Catalogue\r\nMalicious Configuration Profiles\r\nContribute\r\nThreat Category: Mobile Operating System\r\nID: STA-7\r\nThreat Description: Malicious configuration profiles may contain unwanted CA certificates or VPN settings to\r\nroute the device’s network traffic through an adversary’s system. The device could also potentially be enrolled into\r\na malicious Mobile Device Management (MDM) system.1\r\nThreat Origin\r\nMalicious Profiles - The Sleeping Giant of iOS Security 2\r\nMobile Threat Protection: A Holistic Approach to Securing Mobile Data and Devices 3\r\nSymantec Internet Security Threat Report 2016 4\r\nExploit Examples\r\nThreat Advisory Semi Jailbreak 5\r\nYiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs 6\r\niOS SideStepper Vulnerability Undermines MDM Services: Check Point 7\r\nApple iPhone, iPad iOS 9 security flaw lets malicious apps sneak onto enterprise devices 8\r\nCVE Examples\r\nPossible Countermeasures\r\nEnterprise\r\nTo prevent attackers from creating counterfeit management profiles by signing them with stolen enterprise\r\ncertificates, ensure strong security measures are used to protect both enterprise access to trusted certificate\r\nservices (e.g., VeriSign) and any obtained certificates (e.g. MDM server certificates, Apple Push Notification\r\nServices certificates).\r\nTo prevent a device from accepting a malicious management profile after enrollment, use EMM/MDM solutions\r\nin combination with devices that properly verify the integrity and authenticity of device management profiles prior\r\nto their application, such as by using digitally-signed profiles.\r\nTo prevent users from accepting prompts to install malicious management profiles, educate users about the risks\r\nassociated with installing an untrusted profile and ensure that enrollment processes allow users to know when\r\nmanagement profiles are legitimate (e.g., in-person enrollment, or secure out-of-band deployment methods such as\r\ndigitally-signed or encrypted e-mails).\r\nTo prevent users from installing malicious digital certificates, which can be used to greatly facilitate this form of\r\nattack, educate users about the risks associated with installing digital certificates, and ensure that installation\r\nprocesses allow users to know when digital certificates are legitimate (e.g., in-person enrollment, or secure out-of-band deployment methods such as digitally-signed or encrypted e-mails).\r\nReferences\r\nSource: https://pages.nist.gov/mobile-threat-catalogue/stack-threats/STA-7.html",
	"extraction_quality": 1,
	"language": "EN",
	"sources": [
		"MITRE"
	],
	"origins": [
		"web"
	],
	"references": [
		"https://pages.nist.gov/mobile-threat-catalogue/stack-threats/STA-7.html"
	],
	"report_names": [
		"STA-7.html"
	],
	"threat_actors": [],
	"ts_created_at": 1775434048,
	"ts_updated_at": 1775826761,
	"ts_creation_date": 0,
	"ts_modification_date": 0,
	"files": {
		"pdf": "https://archive.orkl.eu/cf0123e176d2b2d023fd77c28a2be10bc98e7a73.pdf",
		"text": "https://archive.orkl.eu/cf0123e176d2b2d023fd77c28a2be10bc98e7a73.txt",
		"img": "https://archive.orkl.eu/cf0123e176d2b2d023fd77c28a2be10bc98e7a73.jpg"
	}
}