Analecta Cyber Company Blog: Apple's iOS App Store suffers first major attack


Apple's iOS App Store suffers first major attack

Apple Inc., is a multinational technology company that designs, develops, and sells consumer electronics, computer software, and online services. As part of their services, the company had been implementing a rigorous review process on apps before they became available on its App Store. A cyber security firm even cited that just a total of five malicious apps had ever been found in the App Store.

But just recently, several cyber security firms reported that a malicious program dubbed XcodeGhost was found embedded in hundreds of legitimate apps in the App Store and able to pass through the company’s review process. This has been the first time that the popular mobile software outlet suffered from such an attack through a large number of apps.

Apple stated it is conducting a clean up on its iOS App Store to remove malicious iPhone and iPad programs. The company’s spokesperson confirmed that they have removed apps created by a tainted and counterfeit version of Apple’s software hackers use to embed malicious codes. They were also working with the developers to make sure they were using the proper software in rebuilding their apps.

A security firm in China stated on its blog that a total of 344 apps tainted with XcodeGhost had been found though Apple declined to state details of its own investigation. The company also did not disclose the steps necessary to determine whether a device is infected.
Palo Alto Networks director of threat Intelligence confirmed that the tainted version of Xcode originated from a server in China. He also said that the attack was not able to cause harm such as data theft, but he warned developers that they are now a huge target of attackers. He added that apps may be compromised and would be hard to defend against with that kind of approach.

No comments :

Post a Comment