Apple has reported its first sustained security breach on its iOS software platform. The malware is known as XcodeGhost.
Apple has reported its first sustained security breach on its iOS software platform. According to the Verge, Apple has removed malware-infected apps from the App Store. The malware is known as XcodeGhost. It worked its way into several apps by convincing developers to use a counterfeit version of Xcode, which is the software used to create iOS and Mac apps.
Christine Monaghan, Apple spokesperson said that they have removed the apps from the App Store that they know have been created with this counterfeit software. They are working with the developers to make sure they are using the proper version of Xcode to rebuild their apps.
The apps that were affected were Chinese messaging app WeChat, popular business card scanner CamCard and Chinese Uber rival Didi Chuxing.
According to the Security firm Palo Alto Networks, XcodeGhost was able to prompt fake phishing dialogs, open URLs and read and write clipboard data, leading the company to label it a ‘very harmful and dangerous’ piece of malware that has affected at least 39 apps.
There is no evidence that any data theft has occurred yet or other harm as a result of the attack.
Ryan Olson of Palo Alto Networks said that the compromised version of Xcode came from a server in China, and may have been used because it was faster to download than the free, official version on Apple’s App Store.