The days of bored teenagers trying to take down the Internet are long over, and now there is real money to be made in cyberattacks. It’s All About the Money - Security is, in many ways, far less about technology and far more about economics. Reuters dubbed the situation the App Store’s “first major attack.” This is a tad misleading, since the App Store itself wasn’t attacked, but XcodeGhost was clearly successful, and shows, possibly for the first time, attackers effectively exploiting the security economics of the Apple ecosystem. Also, now that the news is out, Apple and developers are clearing infected apps from the App Store. It’s important to realize that the attack is largely limited to Chinese developers and Chinese apps although a few non-Chinese apps were infected (see the list in the linked article), most iOS users elsewhere in the world don’t need to worry. It’s the kind of attack that might never have made headlines had it not affected dozens of Chinese apps, including some of the most popular in China.
#APPLE XCODE GHOST CODE#
These developers then unwittingly used modified versions of Xcode that inserted malicious code into apps later released to the App Store. Instead of going after iOS or OS X directly, the attackers targeted developers who downloaded unofficial versions of Apple’s Xcode development toolkit. Originally discovered by Chinese developers, XcodeGhost uses an interesting vector. On 17 September 2015, researchers at Palo Alto Networks wrote an analysis of a new piece of malware in the Apple ecosystem in China. #1660: OS updates for sports and security, Drobo in bankruptcy, why TidBITS doesn't cover rumors.#1661: Mimestream app for Gmail, auto-post WordPress headlines to Twitter and Mastodon, My Photo Stream shutting down.#1662: New Macs, 12 top OS features for 2023, vertical tabs in Web browsers, watchOS 9.5.1.
#1663: Exploring the Apple Vision Pro, 12 more OS features coming in 2023, new Apple service features, Apollo shuts down.#1664: Real system requirements for OS 2023, beware Siri creating alarms instead of timers.The Fortnite game was removed from App Store in August last year after the company allegedly violated rules by adding an in-game payment system aimed at depriving Apple of its commission on in-app purchases from App Store. While Epic Games argues about Apple’s monopoly over the app market and treats 30 per cent standard fee amount to anti-competitive behaviour that must be regulated by antitrust law, Apple contends that “the whole antitrust allegation and associated dust-kicking is little more than a PR stunt”. As soon as the malware was identified, Apple asked developers to immediately recompile their apps with a genuine version of Xcode, it added.įollowing this incident, Apple has reinforced both the security of the Xcode installation process and the malware scanning when submitting apps to the App Store.Īs the legal battle between Apple and Epic Games began in the US this week, new details emerged, also revealing that Epic Games CEO Tim Sweeney asked Apple CEO Tim Cook to open its iPhones to other app stores as early as 2015.
#APPLE XCODE GHOST DOWNLOAD#
Several developers downloaded the infected Xcode because Apple’s servers were slow, so they looked for alternative download links, the report said.Įven popular apps like ‘Angry Birds 2′ were affected. In total, these 2,500 infected apps have been downloaded more than 203 million times in the App Store, reports Motherboard.Īn employer mentioned that “China represents 55 per cent of customers and 66 per cent of downloads,” also referring to the “XcodeGhost” malware.Īccording to more internal Apple emails, about 18 million affected users were based in the US.
0 kommentar(er)
