Reported with examples to Apple 7 months ago, also hits windows and android
I reported to Apple in April, no need to jailbreak, it does write to firmware too. It is not just USB, it is also spread via wifi and Bluetooth with infected machines able to remotely turn on wifi or Bluetooth and even infect iOS set to airplane mode. It appears to be something like a law enforcement or Apple included backdoor or rootkits that has been taken over. It is similar to the mask malware in that is will infect anything. We have it documented to infect Ford vehicles via Bluetooth, and possibly medical devices. Have case numbers and documentation to show Apple denied for a couple months, then plugged it in to their Mac at the local Apple store and have been spreading it since.
Apple is playing a game of chance with users and making false claims and providing false sense of security on devices that are easier to infect and take full control of than many.
Apple failed miserably here and as latest software updates have shown, have lost their way, and it works on any version including latest iOS 8.1.1 beta and Yosemite. Apple took an arrogant stance, denied it, flashed and returned with even more malware on it. Nice and buggy like my new macbookpro that has sloppy OS bugs I had to fix myself.
Apple still has not replaced a couple iPads mini retinas I have that were infected right after purchase if anyone wants to check out or verify. Apple will die in enterprise like they want in on with this type of behavior.
Just like the back doors found on Intel epsd systems this year, Intel denies it, then accuses who submitted the found exploits, then hides behind saying it is NSA (when we verified it was not), then gets hacked by it themselves, then denies its possibility even though we have verification from their chip engineers down to their marketing people it's real, then you find some of it was written by Intel employees, released at black hat, but they never fixed it in their bios.n
Security is a joke, and places are too quick to say NSA backdoor or other false claims, it's the companies back doors, schlock programmers, and priming for future products according to several insiders.