Several apps infected by malware dubbed XcodeGhost in first case of large numbers of malicious software making their way past Apple’s defences
Apple is cleaning up its app store to remove malicious iPhone and iPad programs after a large-scale attack.
The company disclosed the effort on Sunday night after several cybersecurity firms reported finding a malicious program dubbed XcodeGhost that was embedded in hundreds of legitimate apps.
It is the first reported case of large numbers of malicious software programs making their way past Apple’s stringent app review process. Prior to this attack, a total of just five malicious apps had ever been found in the app store, according to cybersecurity firm Palo Alto Networks.
The hackers embedded the malicious code in these apps by convincing developers of legitimate software to use a tainted, counterfeit version of Apple’s software for creating iOS and Mac apps, which is known as Xcode, Apple said.
“We’ve removed the apps from the app store that we know have been created with this counterfeit software,” Apple spokeswoman Christine Monaghan said in an email. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.“
She did not say what steps iPhone and iPad users could take to determine whether their devices were infected.
Ryan Olson, director of threat intelligence at Palo Alto Networks, said the malware had limited functionality and his firm had uncovered no examples of data theft or other harm as a result of the attack.
However, he said it was “a pretty big deal” because it showed that the app store could be compromised if hackers infected machines of software developers writing legitimate apps. Other attackers may copy that approach, which is hard to defend against, he said.
“Developers are now a huge target,” he added.
Researchers said infected apps included Tencent Holdings’s popular mobile chat app WeChat, car-hailing app Didi Kuaidi and a music app from internet portal NetEase.
The tainted version of Xcode was downloaded from a server in China that developers may have used because it allowed for faster downloads than using Apple’s US servers, Olson said.
Chinese security firm Qihoo360 Technology said on its blog that it had uncovered 344 apps tainted with XcodeGhost.
Tencent said on its official WeChat blog that the security flaw affects WeChat 6.2.5, an old version of its popular chatting app, and that newer versions were unaffected. A preliminary investigation showed there had been no data theft or leakage of user information, the company said.
Apple declined to say how many apps it had uncovered.
Monday, 21 September 2015
Subscribe to:
Post Comments (Atom)
Hello, my name is Jack Sparrow. I'm a 50 year old self-employed Pirate from the Caribbean.
An additional issue is that video games can be serious as the name indicated with the primary focus on understanding rather than fun. Although, it has an entertainment feature to keep your young ones engaged, each game is often designed to work on a specific set of skills or area, such as numbers or scientific discipline. Thanks for your article.
ReplyDeleteBacklinks can be often called votes to your site. Remember
ReplyDeleteit is needed for you to definitely follow and focus the instructions properly as it
may help the editors determine if you should be removed from their list or not.
) and the page is optimized for human visitors then it is more than likely
that the optimization for search engines like
yahoo is already done.
Strength however is normally developed primarily by body building, normally with heavy
ReplyDeleteweights. So pay attention and steer clear of these common sense mistakes.
Another great example has to be volleyball player having the ability to jump high enough to slam the ball within the net.
Hurrah! After all I got a blog from where I know how to actually obtain useful data regarding
ReplyDeletemy study and knowledge.
Unlike Twitter's 140 character restriction, Google+
ReplyDeletelets users post more in depth content. Google+ is way better
because it's under-going a trial stage so Google can test the limits and discover what resources are going to be necessary for
this website to work properly. The biggest proponent on this change is that
the modern Google+ Local pages are directly tied in to the social media Google+.
It is really important that you steer clear of this in case you genuinely wish to learn to lose
ReplyDelete10 pounds in 3 weeks. Only should you want to make your how to shed weight easily online.
Do not turn around the television and sink into the couch soon after dinner.
I am regular reader, how are you everybody? This article posted at this site is in fact good.
ReplyDeleteI lost about 15 pounds within the first five to six weeks of my new dieting
ReplyDeleteand exercise plan. I won't pry them from the hands of a preschooler in the
park. Everything sounds simple so far, but it just isn't because how do
you know the calories you're consuming.
I hardly leave responses, but i diid a feew searching and wound
ReplyDeleteup here Apple removes malicious programs after first masjor attack on app
store | fabTechnoid. And I actually do have a few questions for you if it's allright.
Could it be simpy me or dpes it look like a few of these remarks appear like they are written by
brain dead folks? :-P And, if you are posting at other online sociial sites, I would like to keep up with anything new you have to
post. Would you make a list of all of ylur public pages like your Facebook page,
twitter feed, or linkedin profile?