The first major attack on AppStore is revealed.
[Manager] Apple has received much maligned for having very strict framework and criteria for which apps released in AppStore, but has also boasted that the online store has been completely safe for users.
While Google store Play constantly filled by various malicious applications, have, according to security companies only been five viral apps ever released by Apple doorkeeper.
Until now.
Spy Apps
Apple reports that the weekend has removed hundreds of apps built spy functionality.
According to Reuters hackers have wondered serious and legitimate app developers, who stock popular apps to download a fake version of Apple’s development tools Xcode, which fittingly named XcodeGhost.
The program has functioned exactly the same as Apple’s own developer program, but without the developer has been able to notice it, added to spy functionality in the apps that are uploaded to the AppStore.
– We have removed apps from AppStore that we know have been made using this fake software. We are working with developers to ensure that they actually use a real version of Xcode when building their applications again, said an Apple spokeswoman told the news agency.
Very popular
Apple does not say exactly how many apps it should be talking about, but Reuters claims there is talk of 344 apps. These will mainly be aimed at the Chinese market.
Some of these should have been among the country’s most popular, as WhatsApp competitor WeChat.
How hackers have managed to get developers to install a fake version of Xcode is not entirely clear. There is speculation that it takes so long to download large programs from the United States in China, that the perpetrators have been lured into downloading the program from Chinese servers where it went faster.
Significant weakness
According to security analyst Ryan Olson in Palo Alto Network spy functionality is relatively limited, but the one here has revealed a significant weakness in Apple’s security systems.
– Other attackers can copy procedure, and it is difficult to protect themselves against. Developers are now a big target, he said to Reuters. (ANB)
No comments:
Post a Comment