Previous Story
Chinese malware infects Apple apps
Posted On Sep 23 2015
Comment: Off
Apple’s App Store security has historically been solid.
Because of that trick, the app publishers, themselves, didn’t know that they’re in fact distributing apps with malware. We offer developers the industry’s most advanced tools to create great apps. However, new releases can lead to longer download times. China’s firewall, which blocks access to sites outside the country, is said to be part of the blame as it forced developers to download a fake version of the tech giant’s developer kit. Hackers modified the Xcode and distributed it to the developers. Those apps made their way into the App Store and ended up affecting potentially hundreds of apps, including popular messaging service WeChat. Over 300 other infected apps have already been found and the number is likely to grow over the next few days.
Palo Alto Networks warned users of any future attacks.
This security breach is surprising.
Apple announced Monday that half of all Apple devices have upgraded to its latest mobile operating system in the past five days, the most rapid adoption of an iOS ever. “The techniques used in this attack could be adopted by criminal and espionage focused groups to gain access to iOS devices”.
But users can now breathe easily.
The malware situation was exacerbated by certain developers’ practice of disabling their iOS apps’ “gatekeeper” feature, which is supposed to alert them to counterfeit software.
Zerodium founder Chaouki Bekrar also founded French hacking firm Vupen, which finds flaws but doesn’t report them to companies so they can be fixed.
The App Store hack happened because some companies in China that make apps took a shortcut. Its parent company, Tencent, posted an update about the infection. Tencent, the maker of WeChat, said that the newer versions of the app have not been affected by the malware.
In any case, it’s an embarrassing security breach for Apple, which normally talks up the height of the wall surrounding the App Store garden as one of the reasons to switch from scary scary Android. Whether you downloaded Xcode from Apple or received Xcode from another source, such as a USB or Thunderbolt disk, or over a local network, you can easily verify the integrity of your copy of Xcode.
