Slashdot Mirror

← Back to Stories (view on slashdot.org)

FireEye: Many Companies Still Running XcodeGhost-Infected Apple Apps (csoonline.com)

Posted by samzenpus on Wednesday November 4, 2015 @01:22PM from the bad-apple dept.

itwbennett writes: In September, more than 4,000 applications were found to have been modified with a counterfeit version of Xcode, dubbed XcodeGhost. On Tuesday, FireEye said in a blog post that it has detected 210 enterprises that are still using infected apps, showing that the XcodeGhost malware 'is a persistent security risk.' In addition, whomever created XcodeGhost has also developed a new version that can target iOS 9, called XcodeGhost S, FireEye wrote.

3 of 23 comments (clear)

Min score:

Reason:

Sort:

More vectors than just Xcode by SuperKendall · 2015-11-04 13:26 · Score: 4, Insightful

Something for iOS developers to be aware of is they need to be careful of using binary only third party libraries which might also have been compiled with Xcode Ghost.
Thought thankfully Apple rejects app submissions that use them...

--
"There is more worth loving than we have strength to love." - Brian Jay Stanley
"whomever created XcodeGhost has also..." by jeffb+(2.718) · 2015-11-04 14:17 · Score: 3, Insightful

Did him really?
Cripes, Dice, spring for an editor.
Re: Most of the apps that they claim are infested. by Bing+Tsher+E · 2015-11-04 17:14 · Score: 1, Insightful

Apparently, though, since they're reported here to be out in the wild, somebody found them useful, or at least worth installing.
Damage Control! Roll out the fud (but go soft on the fear, we've got iPhones to sell)