Finance & Insurance, Health, Solutions

How the new Medisave Additional Withdrawal Limit affect your AIA HealthShield?

Many of my clients have received letters from AIA explaining the new MediSave Additional Withdrawal Limits (AWL) and their first questions is, “Will I have to pay more cash?”

The answer is fortunately, NO!

The new AWL actually INCREASE your withdrawal limit which can be used to pay for your AIA HealthShield plans, so you have to pay less cash if you’re nearing retirement or already retired.

I’ve done up a new post with Tables showing the before/after of how much you need to top up in cash. Check it out below.

AIA HealthShield Gold Max Additional Withdrawal Limit Table

Once I get some sleep, I’d update my original Integrated Plans article to include the latest published information from MOH.


[Chinese Version] YiSpecter: Another iOS Malware That Attacks Non-jailbroken Apple iOS Devices

3周前,帕洛阿尔托单位 42 发布 IOS XCodeGhost 恶意软件已经感染苹果商店内的39个软件 现在他们发布了新的恶意软件 YiSpecter感染苹果越狱iPhone 和 iPad。 YiSpecter 使用许多攻击媒介实现黑客攻击。最大的区别是它使用企业证书私人API


不是这个公司YingMob Interaction)的科技真的很好。因为这5年来已经有很多这类型的恶意软件被广泛使用。

总之YiSpecter 主要针对中国台湾的 iPhone iPad 用户。也许黑客只针对通过简化中文用户。YiSpecter 开始是受感染网站,Windows 的腾讯 QQ 聊天软件,论坛内发出的HTML文件,目标是在 IOS 屏幕显示色情网址

IOS 8 设备如果用户单击对话框中让网址下载应用程序自动安装,因为包含一个偷来,有效企业证书 IOS 9,必须切换权限安装企业应用程序所以用户受到保护。
然而如果您已经 IOS 8 升级可能仍然感染。因为 YiSpecter 自我保护可以传播感染作为一个僵尸网络一部分,而且它有隐藏的功能


  1. 在 iOS, 设置 ==》 通用 ==》描述文件,删除所有未知不受信任配置文件;
  2. 删除这些软件,“情涩播放器”,“快播私密版” 或 “快播0”;
  3. 使用任何第三方 iOS 管理工具,例如 iFunBox Windows 或者 Mac OS X,连接iPhone iPad注意苹果 iTunes 不能使用);
  4. 管理工具检查所有已安装iOS 应用程序;如果一些应用程序名字比如手机, 天气, 游戏中心, 存折, 笔记 Cydia,请把它们删除(请注意步骤不会影响原始系统应用程序只是伪造删除恶意软件)。

YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs


YiSpecter: Another iOS Malware That Attacks Non-jailbroken Apple iOS Devices

It’s less than 3 weeks since Unit 42 from Palo Alto published the IOS XCodeGhost malware that has infected 39 apps in Apple App Store. And they’re at it again! This time Unit 42 published findings on the malware YiSpecter, which uses many attack vectors with the key differentiator being Enterprise certificates & Private API to implement the hack.

This level of sophisticated is usually associated with Advanced Persistent Threat (APT)rather than a simple infection but since Apple Store has very strict checks, I guess they have to go to this level of sophistication in order to infect non-jailbroken devices.

Now I’m not saying that this malware company (YingMob Interaction) is really good, but they did “go the extra mile” to ensure a successful widespread infection by borrowing APT techniques published over the past 5 years.

In summary, YiSpecter mainly targets iPhone & iPad users in China & Taiwan, so maybe the hackers only target Simplified Chinese language users. The infection starts from infected websites, Windows-based IM platform like Tencent’s QQ Chat and forums where malicious HTML files are posted & displayed on the target IOS screen.

On IOS 8 devices, if the user click on dialog box to allow downloading the app, it is automatically installed because it contain a stolen but valid Enterprise certificate. On IOS 9, you have to switch on the permission to install Enterprise app, so new users are protected. However, if you’ve upgraded from IOS 8, it’s likely you’re still infected because YiSpecter is self-preserving, can spread the infection as part of a Botnet and is hidden from the user.

I wouldn’t go into the mechanism of the infection because it’s too technical for average users. You can find the link to the original Palo Alto notice at the end of the article.

To Clean the infection, you have to do the below:

  1. In iOS, go to Settings -> General -> Profiles to remove all unknown or untrusted profiles;
  2. If there’s any installed apps named “情涩播放器”, “快播私密版” or “快播0”, delete them;
  3. Use any third-party iOS management tool (e.g., iFunBox, though note that Apple’s iTunes doesn’t work in this step) on Windows or Mac OS X, to connect with your iPhone or iPad;
  4. In the management tool, check all installed iOS apps; if there’re some apps have name like Phone, Weather, Game Center, Passbook, Notes, or Cydia, delete them. (Note that this step won’t affect original system apps but just delete faked malware.)

YiSpecter: First iOS Malware That Attacks Non-jailbroken Apple iOS Devices by Abusing Private APIs