Apple has taken down several apps after hundreds were found to have been compromised by a major attack on the App Store.
In the first significant security issue to affect the usually-watertight App Store for the iPhone and iPad, many were found with malicious "XcodeGhost" code inside of them.
The code found its way into the apps because developers had been tricked into using a modified version of Apple's official software for creating apps, known as Xcode. The code was deeply embedded in the apps, which made it through the Apple reviewers who check every app before they are made available to download.
Security firm Palo Alto Networks said the XcodeGhost code could have reached hundreds of millions of users and taken data such as passwords, although it had not seen any examples of sensitive information being stolen. It said only five App Store apps had previously been found to be malicious.
The malicious software was hosted on Chinese website Baidu, and thus is believed to largely affect apps in China. Some developers download Xcode from unofficial sources in China because it can reportedly take a long time to get it from Apple's servers.
Social network WeChat was one of those affected
No comments:
Post a Comment