Apple’s App Store hit by first major attack

By Shrey Pacheco | Published on 21 Sep 2015
  • Apple is cleaning up the App Store after several cyber security firms found a malicious program called XcodeGhost embedded in legitimate apps.

Apple’s App Store hit by first major attack

Apple's App Store has been hit by a first major attack, allegedly affecting more than 300 applications. It has been cleaning the App Store of the malicious program, XcodeGhost, which was found by several cyber security firms. The code has reportedly been affecting both iPhone and iPad programs. This program was embedded in a number of legitimate apps in the Store. Developers of these apps unknowingly added the code by using a 'tainted' version of Xcode, Apple’s software that is used to create apps for iOS and OS X.

According to security firm Palo Alto Networks Inc., this is the first reported case of such a large number of programs bearing a malicious code, going past Apple’s app review process. Ryan Olson, Director of Threat Intelligence for Palo Alto Networks, said that the malware had limited functionality. It had found no examples of theft due to the attack, nor any other harm. However, according to Olsen, the attack was “a pretty big deal”. It showed that the App Store's security can be compromised if the developers' machines get infected. He added that the tainted version of Xcode was downloaded from a server in China. It is possible that the developers used the same server to download the software as it allowed faster download speeds as compared to Apple’s US servers. Apple has not made any official statement on how many apps were infected. However, Qihoo360, a Chinese security firm said that it found 344 apps tainted with XcodeGhost. 

Last week, Apple had launched its first app on the Google Play Store, Move to iOS. The app is designed to help Android users to shift to Apple devices running iOS 9. The app supports tablets as well as smartphones running Android v4.0 and above. During the iOS 9 setup process, users will be given the option to make the switch. Once they select that option, they will be given a code that has to be entered into the app. It facilitates transfer of contacts, message history, camera photos, videos, and more. Paid apps, previously installed on an Android device, will be put on the App Store’s wishlist for purchase.

Souce: Reuters

Shrey Pacheco

Writer, gamer, and hater of public transport.

email Protection Status