The admission is a black eye for the USA company, which has made much of its superior security record in mobile apps compared with that of Google. Word is that the developers behind a long list of infected apps were fooled into using counterfeit Xcode software for their creations.
Advertisement
“This is the most widespread and significant spread of malware in the history of the Apple app store, anywhere in the world”, it said.
Following a major attack on the iTunes App Store, Apple is removing dozens of popular apps that had been infected by malware. However, he called it “a pretty big deal” because the attack showed that the App Store could be compromised if hackers infected machines of software developers writing legitimate apps. It worked its way into several apps by convincing developers to use a counterfeit version of Xcode, which is the software used to create iOS and Mac apps.
In a statement to ABC News, an Apple representative said the fake code was posted online by “untrusted sources”.
An Apple spokesperson added that it has not discovered “any loss of user information” tied to the security breech.
The discovery of malware in Apple’s App Store is unprecedented for the company, which subjects apps to a stringent review process before publishing them in the App Store.
These aren’t just obscure apps either. “This flaw has been repaired and will not affect users who install or upgrade WeChat version 6.2.6 or greater, now available on the iOS App Store“, the company said.
The infected applications include many used by iPhone and iPad owners in China such as Tencent’s hugely popular WeChat app, a music downloading app and an Uber-like vehicle hailing app.
It further claims there’s been no theft and leakage of user information or money.
Researchers looking into the onslaught said that among the tainted apps was chat app WeChat, from Chinese firm Tencent, which is also partnered with IBM.
Advertisement
Commentators said it was the most serious attack yet on the iPhone maker, which prides itself on its security and that up to now has managed to restrict hackers to a handful of minor breaches.
