Apple is Cleaning The App Store Of its First Major Malware Attack
Apple cleaned the App Store of apps containing malware today, having discovered a long con that saw developers using infected software tools, inadvertently turning their legit apps into data-collection tools for hackers.
According to Reuters, hackers duped developers into using a bad version of Apple’s Xcode app-development tools. The bad version of Xcode, dubbed XcodeGhost, would make otherwise-good apps from otherwise-good developers send device information (and other, more sensitive credentials) back to the hackers.
Most of the apps affected seem to be aimed at the Chinese market — the most prominent is WeChat, a WhatsApp competitor with a major following in China. Apple hasn’t said how many apps are affected, but one Chinese security firm put the number at 344. Yes, now would be a good time to update your apps.
Apple is continuing to ‘work with developers’ to ensure they’re using the legit version of Xcode — it’s unclear how the hackers persuaded devs to download a fake version in the first place, but one guess is that Apple’s servers are slow in China, so XcodeGhostery was posing as a legit mirror download.
In any case, it’s an embarrassing security breach for Apple, which normally talks up the height of the wall surrounding the App Store garden as one of the reasons to switch from scary scary Android.
[Reuters]
Contact the author at chris@gizmodo.com.
The following replies are approved. To see additional replies that are pending approval, click Show Pending. Warning: These may contain graphic material.
AndrosZChris Mills9/20/15 9:59pmIt's this the first time this has happened? If so, that last little comment is juvenile...which fits perfectly.Reply
slawAndrosZ9/20/15 10:03pmFirst time that we know of.Or rather, the first time that it’s been publicized.Reply
KittyReavenAndrosZ9/20/15 10:05pmIs this your first time on Kinja :PReply- AndrosZKittyReaven9/20/15 10:06pmIs this your first time editing a post?Reply
- KittyReavenAndrosZ9/20/15 10:06pmI made a mistake, and it’s not my first time :(Reply
emosterdChris Mills9/20/15 10:26pmThere Apple goes, copying again. We had this feature years ago on Android.Reply
coffee_eateremosterd9/20/15 10:42pmWell played, sir.Reply
Norbsemosterd9/20/15 11:03pmIsn’t this feature basically the core of what android is? I smell a lawsuit.Reply
obtusegooseChris Mills9/20/15 11:43pmApple isn’t responsible for the ineptitude of software developers. If they download third-party software, that’s on them, not Apple.Reply- KinjaNinjaobtusegoose9/21/15 12:22amI agree with you that the “fault” is on the devs but that doesn’t change the fact that Apple shouldn’t tell customers that their systems are “immune” to viruses and don’t need protected. It’s a bad marketing tool to willfully give your buyers a false sense of security.Reply
ZankyChris Mills9/20/15 10:38pmSo is this something that apple just now fixed? Or already fixed a while ago? I downloaded wechat to chat with a friend in China who had problems with Skype. There's no update in the North American store for wechat yet. Should I delete and wait for a fixed update? Or has it already been fixed in some previous update?
No comments:
Post a Comment
Please leave a comment-- or suggestions, particularly of topics and places you'd like to see covered