Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Cleaning Up App Store After Its First Major Attack

Posted by timothy on from the they've-breached-the-garden-wall dept.

Reuters reports that Apple is cleaning up hundreds of malicious iOS apps after what is described as the first major attack on its App Store. Hundreds of the stores apps were infected with malware called XcodeGhost, which used as a vector a counterfeit version of iOS IDE Xcode. Things could be a lot worse, though: Palo Alto Networks Director of Threat Intelligence Ryan Olson said the malware had limited functionality and his firm had uncovered no examples of data theft or other harm as a result of the attack. Still, he said it was "a pretty big deal" because it showed that the App Store could be compromised if hackers infected machines of software developers writing legitimate apps. Other attackers may copy that approach, which is hard to defend against, he said.

4 of 246 comments (clear)

  1. Trusting Trust by jeffb+(2.718) · · Score: 5, Insightful

    Thirty-one years later, it's still worth reflecting on it.

    1. Re:Trusting Trust by jeffb+(2.718) · · Score: 5, Funny

      To be fair, when Ken Thompson gave his Turing Award lecture, he didn't have access to Slashdot anonymous cowards to explain the errors in his reasoning. He did the best he could with what he had.

  2. Vetting of apps? by Rainbow+Nerds · · Score: 5, Insightful

    I'm wondering how these apps made it through in the first place. Apple is known for being strict about vetting apps and what's allowed to enter the walled garden. If so many apps were able to make it past the vetting, it ought to raise concerns about what other malicious apps might be in the app store on a smaller scale. The vetting process probably lulls many users into a false sense of security that any app downloaded is going to be safe because Apple wouldn't let unsafe apps through. Obviously that's not the case, and it's not possible to know before downloading an app whether it's safe or not. Even reputable publishers could be compromised in this way. Although I think the walled garden is actually a good idea, it's obviously not sufficient, and there needs to be other layers of security. As much as I despise most antivirus software, it might be another good line of defense. I'd like to see more about app permissions like the old Android Market listing, and perhaps firewalling and only whitelisting certain sites for apps to connect to. It's reasonable that the browser you download would be able to connect to any site; that game, not so much. What's there now isn't enough and there really is no way for a user to know that an application is safe prior to installing it.

    --
    M-I-Z
    kU still sucks!
  3. Re:People are Stupid, exhibit 49284a by lucm · · Score: 5, Interesting

    XCode takes forever to download in China

    XCode, and everything Apple, takes forever to download everywhere. It's faster to download the CentOS "Everything ISO" (7GB) from a shitty ftp mirror in Egypt than to get XCode (3GB) from the global network of the wealthiest company in the world.

    Wtf Apple.

    --
    lucm, indeed.