Slashdot Mirror


Apple Cleaning Up App Store After Its First Major Attack

Reuters reports that Apple is cleaning up hundreds of malicious iOS apps after what is described as the first major attack on its App Store. Hundreds of the store's apps were infected with malware called XcodeGhost, which used as a vector a counterfeit version of the iOS IDE Xcode. Things could be a lot worse, though: Palo Alto Networks Director of Threat Intelligence Ryan Olson said the malware had limited functionality and his firm had uncovered no examples of data theft or other harm as a result of the attack. Still, he said it was "a pretty big deal" because it showed that the App Store could be compromised if hackers infected the machines of software developers writing legitimate apps. Other attackers may copy that approach, which is hard to defend against, he said.

3 of 246 comments

  1. Re:Duh by printman · Score: 4, Informative

    Um, Xcode is free.

    The only thing you pay for is the $99 to distribute applications (through the App Stores or within your organization) - writing and installing your own applications to your iPhone, iPad, Apple Watch, Mac, etc. are all free.

    The issue here appears to be limited to developers that are downloading Xcode from unofficial sources which allows their code to become infected.

    --
    I print, therefore I am.
  2. Re:Hard to defend against you say? by Wrath0fb0b · Score: 4, Informative

    The usual method of getting developers to install a backdoored version of an IDE is to make them think they are downloading the legit one. Infect their computers, MITM them. The NSA/GCHQ have many ways to do that, and few developers bother to check file signatures (do Apple even offer them?)

    Not only do they offer signatures, but the infected version of Xcode will be refused by default unless you modify the default Gatekeeper setting. This is all the more ridiculous because you don't even need to register to download the legit Xcode directly from Apple. And of course it's protected in transit by SSL.

    Not sure what your FUD is.

    [ Yeah, maybe GCHQ is clever enough to infect Xcode and still pass Gatekeeper. But this case shows you don't really have to be that smart -- just tell users "you must click here to run this software" and they'll do it, even if that means disabling security checks. ]
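One way to run the check the comment above alludes to, as an added example that is not part of the post or of Apple's tooling: it calls `spctl --assess --verbose` on an assumed install path of /Applications/Xcode.app and accepts the bundle only when Gatekeeper attributes it to Apple and has not been switched off. The verdict strings it matches (accepted, source=Mac App Store / Apple System / Apple, override=security disabled) are assumed from spctl's output format.

```shell
#!/bin/sh
# Added example, not from the Slashdot post or Apple. Assumed install path;
# Xcode from the Mac App Store lands here.
XCODE_APP="${XCODE_APP:-/Applications/Xcode.app}"

# Classify one spctl verdict. Returns 0 only when Gatekeeper accepted the
# bundle AND attributes it to Apple AND the policy was not bypassed.
# A re-signed counterfeit (source=Developer ID), an unsigned build, or a
# machine where Gatekeeper was disabled to "make it run" all fail here.
gatekeeper_ok() {
    verdict="$1"
    case "$verdict" in
        *"override=security disabled"*) return 1 ;;   # Gatekeeper turned off
    esac
    case "$verdict" in
        *": accepted"*"source=Mac App Store"*) return 0 ;;
        *": accepted"*"source=Apple System"*)  return 0 ;;
        *": accepted"*"source=Apple"*)         return 0 ;;
        *) return 1 ;;
    esac
}

# Run the real assessment (macOS only) and report a one-line result.
check_xcode() {
    out=$(spctl --assess --verbose "$XCODE_APP" 2>&1)
    if gatekeeper_ok "$out"; then
        echo "OK: $XCODE_APP is Apple-signed and accepted by Gatekeeper"
        return 0
    fi
    echo "FAIL: do not trust this Xcode; spctl said:"
    echo "$out"
    return 1
}

# Constructed sample verdicts (not captured from a real machine) so the
# classifier can be exercised where spctl is unavailable.
SAMPLE_GOOD="/Applications/Xcode.app: accepted
source=Mac App Store"
SAMPLE_UNSIGNED="/Applications/Xcode.app: rejected
source=no usable signature"
SAMPLE_OVERRIDE="/Applications/Xcode.app: accepted
source=Mac App Store
override=security disabled"

# Only touch the real binary when spctl exists (i.e. on macOS).
if command -v spctl >/dev/null 2>&1; then
    check_xcode
fi
```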

  3. Re:Hard to defend against you say? by nuonguy · Score: 4, Informative

    No Evidence?

    Really?

    No evidence at all?

    What would you consider evidence?

    That’s why the news from Bitdefender researchers is so alarming. They discovered sophisticated CAPTCHA-bypassing Android malware in Google Play apps.

    from http://www.itbusinessedge.com/...