Skip to main content
  1. Home
  2. Mobile
  3. News

Apple cleans up iOS store after major malware security breach

By

iOS 9 Hands On
Malarie Gokey/Digital Trends
Although it has its detractors, Apple’s closed ecosystem has helped it to maintain strict control over its iOS App Store, with stringent checks working to eliminate malware from making it into the store.

In recent days, however, a number of security firms have uncovered the existence of infected iPhone apps in the iOS store in what looks to be the biggest security breach in the store’s seven-year history.

Recommended Videos

Security firm Palo Alto Networks (PAN) said it’d so far uncovered 39 infected apps “potentially impacting hundreds of millions of users” in multiple countries. It described the malicious software as “a very harmful and dangerous malware that has bypassed Apple’s code review and made unprecedented attacks on the iOS ecosystem.”

Related

PAN’s analysis of the malware revealed it’s capable of, for example, prompting fake phishing alerts to grab user credentials, as well as reading and writing data in the user’s clipboard, which could be used to obtain password information if such data is copied from a password management tool.

In a statement obtained by Reuters, Apple spokesperson Christine Monaghan said, “We’ve removed the apps from the App Store that we know have been created with this counterfeit software.”

Affected software includes leading Chinese messaging app WeChat and China-based Uber competitor Didi Kuaidi. WeChat said in a blog post the malware had been discovered in an earlier version of its app and so iOS users should ensure they have the latest malware-free version on their device.

It seems hackers targeted Chinese developers in their effort to get the malware into apps and onto the App Store. This was done by getting developers to use a tainted version of Apple’s app development tool, called Xcode.

Without realizing, developers using the tainted software, dubbed XcodeGhost, were incorporating malware into their apps before submitting them to the App Store. Apple’s own checking procedures failed to spot the malicious software, allowing infected apps into the App Store for iPhone, iPad, and iPod Touch users to download.

With Apple proud of its reputation for security when it comes to its iOS app store, the incident will be a matter of concern – and embarrassment – for the company. Apple said on Sunday it’s warning iOS developers to obtain Xcode only from its own site, rather than from third-party sources, which seems to have been the case here.

Editors' Recommendations

Topics
Trevor Mogg
Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Have an iPhone, iPad, or Apple Watch? You need to update it right now
iPhone 14 Pro Max against a red background.

If you own an Apple product — be in the iPhone, iPad, Apple Watch, or a Mac — you should update it immediately. Why? Apple has begun rolling out updates to all of its devices with fixes for a serious security vulnerability.

The security vulnerability is known as CVE-2023-32434, and it has to do with the kernel privileges of Apple devices. Per Apple's website, the vulnerability allows third-party apps to "execute arbitrary code." In other words, if a bad actor knows how to exploit this vulnerability, they could potentially gain access to your Apple device and wreck havoc.

Read more
The 6 biggest iOS 17 features that Apple stole from Android
iOS 17 logo on an iPhone, Android logo on an Android phone.

Apple made a big splash at WWDC 2023 this year, with the big headline announcement being the Vision Pro augmented reality headset. But we also got a glimpse of what’s to come with iOS 17, iPadOS 17, watchOS 10, and macOS 14 Sonoma.

Though iOS 17 appears to be more of a quiet release this year that focuses on refinement and quality-of-life improvements, I have mixed feelings overall. To be honest, I was a little underwhelmed with the iOS 17 announcement based on what was actually shown off on stage, but there are some very cool features that Apple didn’t make a big deal out of (when it should have).

Read more
11 features in iOS 17 that I can’t wait to use on my iPhone
ios 17 11 features i cant wait to use on my iphone mashup

Apple made a big splash at WWDC 2023 this year as it introduced the first major new product since the Apple Watch with the Vision Pro spatial computing headset. But of course, we also got software announcements for iOS 17, iPadOS 17, watchOS 10, and macOS 14 Sonoma.

Though I feel that iOS 17 is an overall underwhelming update compared to the past few years with iOS 14 and iOS 16, there’s still a lot of interesting stuff coming. The developer beta is out now, and people have been diving into all that iOS 17 has to offer so far. And you know what? There’s plenty to talk about — including a few things Apple didn't even mention during the keynote.

Read more