dgstorm
Editor in Chief
- Joined
- Jul 27, 2011
- Messages
- 911
- Reaction score
- 328
Over the weekend, Apple engineers were busy cleaning up iOS after the first major, large-scale hacking attack hammered the iOS Apple App store. A number of malicious iPhone and iPad programs made their way directly onto the App Store.
Apple had to jump to work over the weekend after a number of cyber security firms reported a malicious program called XcodeGhost was found embedded in hundreds of legitimate apps. This marks the first time malicious software code made its way past Apple's strict app review process. According to Palo Alto Networks Inc, before this, only five malicious apps were ever found in the App Store. Here's a quote with more of the scary details,
"The hackers embedded the malicious code in these apps by convincing developers of legitimate software to use a tainted, counterfeit version of Apple's software for creating iOS and Mac apps, which is known as Xcode, Apple said.
"We've removed the apps from the App Store that we know have been created with this counterfeit software," Apple spokeswoman Christine Monaghan said in an email. "We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps."
She did not say what steps iPhone and iPad users could take to determine whether their devices were infected.
Palo Alto Networks Director of Threat Intelligence Ryan Olson said the malware had limited functionality and his firm had uncovered no examples of data theft or other harm as a result of the attack.
Still, he said it was "a pretty big deal" because it showed that the App Store could be compromised if hackers infected machines of software developers writing legitimate apps. Other attackers may copy that approach, which is hard to defend against, he said.
"Developers are now a huge target," he said." ~ Yahoo
Researchers identified several infected apps including: Tencent Holdings Ltd's <0700.HK> popular mobile chat app WeChat, car-hailing app Didi Kuaidi and a music app from Internet portal NetEase Inc. At least one mobile security firm (Qihoo360 Technology Co) claims that up to 344 apps were tainted with XcodeGhost. Apple has not yet declared how many apps it has uncovered with the malicious code.
When you are the biggest dog on the block, it basically paints a target on your back for the hackers of the world. Let's cross our fingers this will not be a trend of the future for iOS.
Source: Yahoo
