In a first-of-its-kind attack, dozens of applications in Apple’s official App Store have been infected by a malware which has embedded its code into some of the most popular mobile programs in China, exposing iOS users’ privacy. The firm famously subjects developers to stringent screening processes that can often hold up an app’s launch but allows Apple to promise customers the peace of mind that any app they download from its store is safe.
Advertisement
But while there are steps users can take to combat malware on Android devices, fighting this rare iOS exploit is mostly up to the developers. With that said, researchers at Palo Alto claim that up till now only 5 malware attacks have been found in the App Store. Palo Alto Networks Director of Threat Intelligence Ryan Olson told Reuters that the “malware had limited functionality and his firm had uncovered no examples of data theft or other harm as a result of the attack”.
Companies with apps that were affected include taxi-hailing service Didi Kuaidi, Citic Industrial Bank, China Southern Airlines and the music service of NetEase, a popular Web portal, according to the newspaper Yangcheng Evening News.
The apps that were infected by Xcodeghost were able to transmit data regarding the user’s device, show fake alerts which could steal Apple iCloud passwords and access the clipboard of the user.
The malware news has raised doubts about how secure Apple is, considering the company boasts that one of the major features of iOS is its security.
Apple released the latest version of its mobile operating system last Wednesday, making this the fastest adoption rate ever, the company said in statement.
Apple’s Xcode provides the tools developers need to build iOS apps. If you use apps from Chinese developers, now would be a good time to update your phone. However, a majority of the apps affected hail from China e.g.
Advertisement
“This flaw has been repaired and will not affect users who install or upgrade WeChat version 6.2.6 or greater, now available on the iOS App Store“, the blog post said.
