Apple removes malware-infected apps from Chinese App Store

21 Sep 2015 | Author: | No comments yet »

Apple Inc suffers first major security iOS breach, removes infected App Store apps.

BEIJING: Hackers have infected one of China’s most popular social media applications on Apple’s App Store, Chinese Internet firm Tencent said, after dozens of programmes were reportedly affected by a rare breach in the US giant’s security. “A security flaw, caused by an external malware, was recently discovered affecting iOS users only on WeChat version 6.2.5,” Tencent said in a statement posted on the Wechat blog, adding the flaw had been repaired. “There has been no theft and leakage of users’ information or money.” Citing US-based cybersecurity firm Palo Alto Networks, the Wall Street Journal said that the attack affected more than three dozen apps.Boston: Apple Inc said on Sunday it is cleaning up its iOS App Store to remove malicious iPhone and iPad programmes identified in the first large-scale attack on the popular mobile software outlet.Tumblr co-founder Marco Arment, who developed the most popular paid ad-blocker on Apple Inc’s US app store, has pulled the product, citing concerns that the tool could hurt independent Web publishers. “Adblockers come with an important asterisk: while they do benefit a ton of people in major ways, they also hurt some, including many who don’t deserve the hit,” Arment wrote.According to them, the infected apps can transmit information about a user’s device, prompt fake alerts that could be used to steal passwords to Apple’s iCloud service, and read and write information on the user’s clipboard.

The company disclosed the effort after several cyber security firms reported finding a malicious programme dubbed XcodeGhost that was embedded in hundreds of legitimate apps. The controversy around ad-blocking software kicked up this week after Apple made it available on the new version of the iPhone operating system on Wednesday. The applications were infected after software developers were lured into using an unauthorized and compromised version of Apple’s AAPL, -0.41% developer tool kit, according to researchers at Alibaba Mobile Security, a mobile antivirus division of Alibaba Group Holding Ltd BABA, -0.38% .

Other firms said to be affected included Chinese ride-hailing app Didi Kuaidi, Internet portal NetEase, and mobile phone operator China Unicom, among several more. Apple reportedly said it had addressed the security breach and had teamed up with developers to help fix affected apps. “To protect our customers, we’ve removed the apps from the App Store that we know have been created with this counterfeit software and we are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps,” it said, according to the Journal. According to Apptopia Inc, a Boston-based company that tracks app store downloads and revenue, the Peace app generated US$113,521 (RM483,928) in gross proceeds in the 36 hours it was live.

Anti-censorship group, which tracks Chinese Internet restrictions and events, said the attack appeared to originate in compromised versions of Xcode, Apple’s developer software, which were then used by Chinese programmers. “This is the most widespread and significant spread of malware in the history of the Apple app store, anywhere in the world,” it said. “Apple notoriously manually reviews all app submissions and, in comparison to Android stores, has been relatively malware-free.” However, many argue that such tools hurt publishers, particularly smaller ones, by forcing them to develop dedicated iPhone apps, rather than relying on mobile-friendly websites. Some have even suggested that using such apps amounts to theft that will all but destroy the Web as we know it. “Ad blocking hurts publishers, prevents businesses from communicating and competing, reduces the diversity of voices in digital media, and hinders consumers from obtaining important information about products, services, even politics and culture,” wrote Randall Rothenberg, president and CEO of the Interactive Advertising Bureau, in an e-mailed statement. In separate statements posted to social media over the weekend, Tencent, Didi Kuaidi Joint Co. and NetEase said their applications had been compromised but said no sensitive customer information had been lost.

Some 20 million people used ad blockers last year, up 40% from a year earlier, resulting in US$22bil (RM93.78bil) in lost advertising revenue, according to a study by Adobe and PageFair, an anti ad-blocking tech company. Tencent said on its official WeChat blog that the security flaw affects WeChat 6.2.5, an old version of its popular chatting app, and that newer versions were unaffected.

Here you can write a commentary on the recording "Apple removes malware-infected apps from Chinese App Store".

* Required fields
All the reviews are moderated.
Our partners
Follow us
Contact us
Our contacts

ICQ: 423360519

About this site