Apple App Store Compromised by XcodeGhost Vulnerability
Apple’s App Store has been compromised and millions of affected iPad and iPhone users are at risk. A vulnerability named XcodeGhost has been reported which functions by adding malicious code to mobile applications that have been built with an infected version of Xcode – Apple’s development environment for iOS.
Apple has posted the top 25 apps infected with the malware and most of them are based in China. XcodeGhost’s primary behavior in the infected iOS apps is to gather data and upload these data to command and control (C2) servers.
photo by Kārlis Dambrāns
A statement from Apple to Reuters mentions that they have removed the apps which have been infected with this security flaw.
“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” Apple spokeswoman Christine Monaghan said in an email. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.” – Reuters
It is normally the Android system that is more susceptible to attacks due to it’s open nature so this is a staggering news to iPhone and iPad users when the App Store was hacked. It just goes to show that it’s important to keep security in mind, regardless of the environment you’re developing the application.
Learn to test Mobile App Security
Learn to develop secure mobile applications. If you’re a mobile developer, it is important to develop apps while keeping security in mind. Understand the techniques to prevent these common attacks from happening. Get started with the Mobile Application Security and Penetration Testing Course for FREE here: MASPT FREE Trial