However the malware doesn’t do much of a harm other than tracking a no of private information – phone name, UUID, language, country and current time zone. Prior to this attack, a complete of simply 5 malicious apps had ever been discovered within the App Store, based on cyber safety agency Palo Alto Networks Inc.
Advertisement
Apple said it has started removing malicious iPhone and iPad programmes identified in the first large-scale attack made on its iOS App Store, Reuters reported.
The code appears to have been injected by XcodeGhost, a counterfeit version of Apple’s Xcode software that is used to build iOS and Mac apps. The developers, mainly operating from China and distributing apps for the Chinese market, compiled iOS apps using the modified Xcode IDE and distributed those infected apps through the App Store.
Qihoo 360, a Chinese security firm, said it had found 344 apps affected by Xcode Ghost.
The new YouPlayer version also fixes an issue that previously prevented users from forcing landscape playback on iPhone devices and bundles a number of other bug fixes that should make the app even more stable.
I’ve been playing with iOS 9 for the past few weeks, but mostly on an iPad. Apple has not yet provided users with any information about how to check their iPhones and iPads to see if they are infected. “This flaw has been repaired and will not affect users who install or upgrade WeChat version 6.2.6 or greater, now available on the iOS App Store“, WeChat revealed in a blog post. The company insists that it was an older version of the app that was infected, and that the current version is clean.
KitGuru Says: This isn’t great news for Apple, particularly since the company has such a reputation for being strict with its app review process.
Olson said that even in this case, hackers did not crack Apple’s software.
The majority of the listed apps are popular in China and include various banking, mobile network, stock trading apps and games.
Advertisement
While most developers download the XCode from Apple’s own servers, many occasionally opt to download it from external source on the web.
