![]() Gavin Reid, VP of threat intelligence at Lancope, explains, “You’re only as strong as your weakest link. “XcodeGhost is the latest example that iOS devices, indeed any device, can be subject to attack and that even a highly-curated app store can contain malicious apps,” declared Aaron Cockerill in a blog post from Lookout. Apps built using the fake Xcode include malicious code that grants the hackers access to sensitive information on the devices that run them. ![]() The attackers created a compromised counterfeit version of Apple’s Xcode software, which is used to build iOS apps, and lured developers to download and use it. The apps in question were apparently infected using a backdoor approach. The reason the malware is named XcodeGhost is because of how the attackers were able to get the malicious apps into the Apple App Store. The stringent process of getting an app approved should ostensibly include analyzing apps for vulnerabilities and malicious code. One of the things that makes the iOS mobile platform more secure than Android-its primary rival-is the fact that developers have to submit apps to Apple to be vetted before they’re allowed to be distributed through the App Store. It’s estimated that hundreds of millions of users are affected by the infected apps.Īpple enforces fairly strict control over which apps get into its App Store. The compromise-dubbed XcodeGhost–was discovered in Apple’s Chinese App Store and impacts a variety of popular apps, including WeChat, CamCard, and WinZip. Apple is busy today cleaning up apps from its App Store in China found to be infected with malware that can allow attackers to steal data about the users.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |