Apple is Cleaning The App Store Of its First Major Malware Attack
Apple cleaned the App Store of apps containing malware today, having discovered a long con that saw developers using infected software tools, inadvertently turning their legit apps into data-collection tools for hackers.
According to Reuters, hackers duped developers into using a bad version of Apple’s Xcode app-development tools. The bad version of Xcode, dubbed XcodeGhost, would make otherwise-good apps from otherwise-good developers send device information (and other, more sensitive credentials) back to the hackers.
Most of the apps affected seem to be aimed at the Chinese market — the most prominent is WeChat, a WhatsApp competitor with a major following in China. Apple hasn’t said how many apps are affected, but one Chinese security firm put the number at 344. Yes, now would be a good time to update your apps.
Apple is continuing to ‘work with developers’ to ensure they’re using the legit version of Xcode — it’s unclear how the hackers persuaded devs to download a fake version in the first place, but one guess is that Apple’s servers are slow in China, so XcodeGhostery was posing as a legit mirror download.
In any case, it’s an embarrassing security breach for Apple, which normally talks up the height of the wall surrounding the App Store garden as one of the reasons to switch from scary scary Android.
[Reuters]
Contact the author at chris@gizmodo.com.
The following replies are approved. To see additional replies that are pending approval, click Show Pending. Warning: These may contain graphic material.
emosterdChris Mills 9/20/15 10:26pmThere Apple goes, copying again. We had this feature years ago on Android.ReplyobtusegooseChris Mills 9/20/15 11:43pmApple isn’t responsible for the ineptitude of software developers. If they download third-party software, that’s on them, not Apple.ReplyZankyChris Mills 9/20/15 10:38pmSo is this something that apple just now fixed? Or already fixed a while ago? I downloaded wechat to chat with a friend in China who had problems with Skype. There's no update in the North American store for wechat yet. Should I delete and wait for a fixed update? Or has it already been fixed in some previous update?
No comments:
Post a Comment
Please leave a comment-- or suggestions, particularly of topics and places you'd like to see covered