Apple suffered the first-ever large-scale attack on its mobile software store over the weekend, with a malicious program called XcodeGhost embedded in hundreds of legitimate apps after making its way through Apple's stringent security.
The attack was discovered by several cyber security firms, and involved hackers embedding malicious code in apps by convincing legitimate software developers to use compromised, counterfeit versions of Apple's development software, Xcode.
The attack is the first time large numbers of malicious programs have made their way into the App Store. Prior to this weekend, only five hostile apps had ever been found in Apple's software outlet.
Apple is now cleaning up the iOS App Store to ensure that all iPhone and iPad apps containing the code are removed. Popular apps including WeChat and Didi Kuaidi have been removed due to infection.
"We've removed the apps from the App Store that we know have been created with this counterfeit software," said Christine Monaghan, a spokesperson for Apple. "We are working with the developers to make sure they're using the proper version of Xcode to rebuild their apps."
Many of the affected apps come from Chinese developers. Security experts theorise that the tainted version of Xcode was downloaded from a server in China, and that developers made use of it because it allowed for faster downloads than using Apple's US servers.