In the past, only five malware-infected applications have made it into the Apple App Store. That number has grown, though, as 25 apps have been identified and pulled from the App Store for containing malware. This cyber breach is due to a program called XcodeGhost, an imitation of the program Xcode, which is the platform develops utilize to make programs for iOS and Mac. While the official Xcode program takes about half an hour to download in the United States, the time is almost triple for developers in China. Most decide to download the program from local servers, which allowed the counterfeit XcodeGhost to be substituted for the real Xcode program and downloaded in in its place. Thankfully, apps developed using this malware have not been observed to steal any sensitive information from users that have downloaded them. Still, though the apps appear to be harmless, the attack on the App Store is notable according to Palo Alto Network’s Director of Threat Intelligence, Ryan Olsen. The firm was the first to report the existence of the malware-tainted apps, and Olsen states that the cyber breach reveals that the Apple App Store isn’t impenetrable.
To prevent another cyber breach, Apple will provide a way for Chinese developers to download an official copy of Xcode domestically, and Apple is “working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps” according to an Apple spokesperson.
Article via CNET, September 22, 2015