Apple has begun cleaning up its App Store, Sunday, after a malware attack infected the online outlet with a malicious program.
Advertisement
According to Palo Alto Networks, a U.S.-based cybersecurity firm, the security breach was prompted by Chinese app developers using a compromised version of Apple’s official tool for developing iOS, or OS X apps.
“The affected apps were then removed from the app store that were known to be created with the counterfeit software”, said Christine Monaghan, Apple’s spokeswoman.
Tencent announced on its WeChat website the security problem threatened an older version of the app WeChat 6.2.5. It is thought to be the first large-scale attack on Apple’s App Store. The way the vulnerability found its way into one of the highly rated app store continues to elicit mixed reactions.
Even though only 40 apps have been reported to be infected, and despite Apple already removing them from the App store, it is expected that about 300 apps will still get affected. The apps developed using the fake Xcode slipped through Apple’s screening process, reaching the market. The malicious code was reportedly embedded in Apps by cyber attackers who had attacked Apple’s program hub. Malicious code could only have been able to deliver some general information such as the apps and general system information.
Xcode Ghost was uploaded to a Baidu server in China, where developers picked up the counterfeit software. However, Schiller made sure to note that the malware is relatively harmless and that there’s no evidence of it stealing any information from users that have downloaded a tainted app. Apple has not disclosed the total number of infected apps.
The company confirmed it’ll be contacting customers who downloaded an app/apps that could have been compromised, adding, “Once a developer updates their app, that will fix the issue on the user’s device once they apply that update”.
Palo Alto Networks’ Claud Xiao says in a blog post that these are “unprecedented attacks”.
Advertisement
But GreatFire, a Chinese digital rights organization, warned that it’s still possible to download a malicious version of Xcode while following Apple’s recommendations if developers use the popular Chinese download manager Xunlei.
