Previous Story
After major security violation, Apple to clean App Store
In a report by Reuters, Apple confirmed on Sunday that the tech-giant has been hard at work removing malicious apps from App Stores for the iPad and iPhone.
The malware situation was exacerbated by certain developers’ practice of disabling their iOS apps’ “gatekeeper” feature, which is supposed to alert them to counterfeit software. XcodeGhost was embedded in to these apps after developers mistakenly used a counterfeit version of Apple’s free Xcode program.
XcodeGhost makes its way into iOS apps through an infected version of Xcode, Apple’s software development tool for building iOS and OS X apps.
Meanwhile, Apple cautioned developers and advised them to use the right version of Xcode so that future attacks can be prevented.
Hackers have found their way into Apple’s App Store. Some of these apps are used outside China.
Several of China’s most popular applications on Apple’s iOS mobile platform are infected with malicious software, researchers said.
It should be noted that the apps infected might not have been uploaded on goal.
The firm’s spokesperson Ryan Olson said the malware’s threat is limited. A preliminary investigation into the flaw has revealed that there has been no theft and leakage of users’ information or money.
Infected apps include popular Chinese mobile messaging app WeChat, NetEase’s music downloading app and Didi Kuaidi’s auto hailing app.
Chinese security firm Qihoo360 Technology Co (QIHU.N) said on its blog that it had uncovered 344 apps tainted with XcodeGhost.
The newspaper highlighted how past year , Tim Cook, Apple’s chief executive had criticised Google for what he claimed as insecure apps, quoting a report that described the search engine’s Android Play store as a “toxic hellstew of vulnerabilities”.
According to Palo Alto Networks, a security company that discovered the issue, the malware could potentially prompt users to enter passwords and then steal them; hijack certain URLs that a user attempted to open; or grab information off a user’s clipboard.
Commentators said it was the most serious attack yet on the iPhone maker, which prides itself on its security and that up to now has managed to restrict hackers to a handful of minor breaches.
