Apple iOS App Store riddled with malware — XcodeGhost haunts hundreds of apps

21 Sep 2015 | Author: | No comments yet »

Apple Inc suffers first major security iOS breach, removes infected App Store apps.

The Apple app store is often described as a “walled garden” – a picturesque image that suggests a serene idyll, a haven from the bustle and dangers of digital life.BEIJING: Hackers have infected one of China’s most popular social media applications on Apple’s App Store, Chinese Internet firm Tencent said, after dozens of programmes were reportedly affected by a rare breach in the US giant’s security. “A security flaw, caused by an external malware, was recently discovered affecting iOS users only on WeChat version 6.2.5,” Tencent said in a statement posted on the Wechat blog, adding the flaw had been repaired. “There has been no theft and leakage of users’ information or money.” Citing US-based cybersecurity firm Palo Alto Networks, the Wall Street Journal said that the attack affected more than three dozen apps.Tumblr co-founder Marco Arment, who developed the most popular paid ad-blocker on Apple Inc’s US app store, has pulled the product, citing concerns that the tool could hurt independent Web publishers. “Adblockers come with an important asterisk: while they do benefit a ton of people in major ways, they also hurt some, including many who don’t deserve the hit,” Arment wrote. What it means is that Apple strictly controls what makes it into the App Store, vetting each app to make sure its security (among other features) is up to scratch.

Apps infected by the malware — code-named XcodeGhost — could transmit information about a user’s device, mount phishing attacks to try to steal passwords, and access clipboard information, it said. The controversy around ad-blocking software kicked up this week after Apple made it available on the new version of the iPhone operating system on Wednesday. Other firms said to be affected included Chinese ride-hailing app Didi Kuaidi, Internet portal NetEase, and mobile phone operator China Unicom, among several more.

Anti-censorship group Greatfire.org, which tracks Chinese Internet restrictions and events, said the attack appeared to originate in compromised versions of Xcode, Apple’s developer software, which were then used by Chinese programmers. It worked its way into several apps by convincing developers to use a counterfeit version of Xcode, which is the software used to create iOS and Mac apps.

According to Apptopia Inc, a Boston-based company that tracks app store downloads and revenue, the Peace app generated US$113,521 (RM483,928) in gross proceeds in the 36 hours it was live. However, many argue that such tools hurt publishers, particularly smaller ones, by forcing them to develop dedicated iPhone apps, rather than relying on mobile-friendly websites. Some have even suggested that using such apps amounts to theft that will all but destroy the Web as we know it. “Ad blocking hurts publishers, prevents businesses from communicating and competing, reduces the diversity of voices in digital media, and hinders consumers from obtaining important information about products, services, even politics and culture,” wrote Randall Rothenberg, president and CEO of the Interactive Advertising Bureau, in an e-mailed statement.

Some 20 million people used ad blockers last year, up 40% from a year earlier, resulting in US$22bil (RM93.78bil) in lost advertising revenue, according to a study by Adobe and PageFair, an anti ad-blocking tech company. But Apple’s success exposes it to some of the most motivated and best-funded hackers in the world, be they criminals or nation states, both in China and the rest of the world.

Here you can write a commentary on the recording "Apple iOS App Store riddled with malware — XcodeGhost haunts hundreds of apps".

* Required fields
Twitter-news
Our partners
Follow us
Contact us
Our contacts

dima911@gmail.com

ICQ: 423360519

About this site