apple app store suffers worst malware attack
Last Updated : GMT 05:23:14
Arab Today, arab today
Arab Today, arab today

Apple App Store suffers worst malware attack

Arab Today, arab today

Arab Today, arab today Apple App Store suffers worst malware attack

WeChat, an instant messaging application developed by Tencent
Washington - AFP

Hackers infiltrated the vaunted Apple ecosystem by injecting malicious software into popular Chinese mobile apps, potentially affecting hundreds of millions of users and raising security concerns as the US tech giant prepares its newest iPhone launch.
The company said Monday it had removed tainted applications from its App Store, days after security researchers revealed the breach of Apple's normally secure system which aims to weed out infected applications.

In China, more than 300 apps including the hugely popular instant messaging service WeChat and ride-hailing app Didi Kuaidi were infected with the "XcodeGhost" malware, potentially allowing access to private user data including passwords, Chinese state-run media said.

The reports were a blow to the US firm, which has Greater China as its second-largest market.

Apple told AFP that it had removed the affected apps from its online store.

"To protect our customers we've removed the apps from the App Store that we know have been created with this counterfeit software and we are working with the developers to make sure they're using the proper version of (Apple software) Xcode to rebuild their apps."

Apple's reaction came days after US-based cybersecurity firm Palo Alto Networks uncovered the flaw, saying the malware came from computer code uploaded to Baidu's cloud file-sharing service used by Chinese app developers.

Anti-censorship group Greatfire.org, which tracks Chinese Internet restrictions, called the news "the most widespread and significant spread of malware in the history of the Apple app store, anywhere in the world."
Apple, which reviews and approves each application, has generally kept its apps malware-free, analysts say.

But Alan Cockerill at the US security firm Lookout said "there are no perfect systems."

In a blog post, Cockerill said that "while Apple has traditionally done an excellent job of keeping malware out of its App Store, malicious actors are always looking for new ways to break through."

"The malicious code may have hundreds of millions of victims," Cockerill said.

- Apple checks failed -

Johannes Ullrich at the SANS Technology Institute said that "the real problem here is this malicious code made it past the Apple App Store check-in process."

"Apparently there is some trust between Apple and some of these developers of large applications like WeChat so these applications aren't necessarily tested as carefully if they are coming from a name-brand company," Ullrich said.
Palo Alto Networks said the malware was hidden in the Xcode software required for apps and made its way into applications without the knowledge of developers.

But once installed, the malware could allow a third party to gain access to private and personal information on an Apple device.

The malware can issue a fake dialog alert to gain access to passwords, or hijack a browser to direct users to a fake website. It can also read and write data in the user's clipboard, which could be used to get passwords, according to Palo Alto.

Only Chinese apps were known so far to have been infected -- although some of those, including WeChat, are also used outside China.

Chinese apps are thought to be vulnerable because developers often bypass the official, more secure, Apple channels, which can be slowed by Chinese Internet monitoring.

Tencent, which makes the WeChat software -- used by 500 million in China -- said it had repaired the flaw and that there had been "no theft (or) leakage of users' information or money."

The makers of app Didi Kuaidi, which claims 200 million regular users, also reported a fix and said no user privacy was compromised.

- Bad timing -

Independent security consultant and researcher Graham Cluley said the incident is not all bad for Apple.

"It suggests that Apple's security is pretty good," Cluley said in a blog post.

"After all, this was quite a complicated way to get malware into the App Store."

Cluley said Apple "has a much much better track record than Google's Android one for security."

But Thomas Reed at the software firm Malwarebytes said it may hurt Apple at a delicate time.

Apple is set to release its new iPhone 6S and 6S Plus handsets on Friday in the US, China and several other key markets.

"There is little doubt that there will be some revision of the app review process at Apple as a result, but it's also certain that this incident will erode consumer confidence in the App Store as a (mostly) unassailable malware-free fortress," he wrote in a blog.

arabstoday
arabstoday

Name *

E-mail *

Comment Title*

Comment *

: Characters Left

Mandatory *

Terms of use

Publishing Terms: Not to offend the author, or to persons or sanctities or attacking religions or divine self. And stay away from sectarian and racial incitement and insults.

I agree with the Terms of Use

Security Code*

apple app store suffers worst malware attack apple app store suffers worst malware attack

 



Name *

E-mail *

Comment Title*

Comment *

: Characters Left

Mandatory *

Terms of use

Publishing Terms: Not to offend the author, or to persons or sanctities or attacking religions or divine self. And stay away from sectarian and racial incitement and insults.

I agree with the Terms of Use

Security Code*

apple app store suffers worst malware attack apple app store suffers worst malware attack

 



Arab Today, arab today
Arab Today, arab today Jordanian woman reveals her project

GMT 00:46 2017 Saturday ,11 November

Jordanian woman reveals her project
Arab Today, arab today The Big Apple bike boom

GMT 10:47 2017 Wednesday ,22 November

The Big Apple bike boom
Arab Today, arab today Sophian Yussef reveals suitable decoration

GMT 02:56 2017 Thursday ,23 November

Sophian Yussef reveals suitable decoration
Arab Today, arab today Leaders of Russia, Iran, Turkey meet

GMT 10:12 2017 Wednesday ,22 November

Leaders of Russia, Iran, Turkey meet
Arab Today, arab today 'Advanced' cyber attack targets Saudi Arabia

GMT 10:18 2017 Wednesday ,22 November

'Advanced' cyber attack targets Saudi Arabia
Arab Today, arab today
Arab Today, arab today
Arab Today, arab today Australian academic's book pulled

GMT 15:20 2017 Monday ,13 November

Australian academic's book pulled
Arab Today, arab today May under Brexit pressure at EU reform summit

GMT 02:14 2017 Saturday ,18 November

May under Brexit pressure at EU reform summit
Arab Today, arab today Delhi half-marathon to go ahead

GMT 03:51 2017 Saturday ,18 November

Delhi half-marathon to go ahead
Arab Today, arab today The history of solar eclipses

GMT 05:16 2017 Sunday ,20 August

The history of solar eclipses
Arab Today, arab today Honda recalls 800,000 minivans

GMT 11:43 2017 Wednesday ,22 November

Honda recalls 800,000 minivans
Arab Today, arab today VW says will invest over 34bn euros

GMT 07:19 2017 Tuesday ,21 November

VW says will invest over 34bn euros
Arab Today, arab today Singer Jahda Wahba has unlimited ambitions

GMT 07:56 2017 Monday ,20 November

Singer Jahda Wahba has unlimited ambitions
Arab Today, arab today paObama climate envoy slams Trump's rejection

GMT 16:04 2017 Friday ,17 November

paObama climate envoy slams Trump's rejection

GMT 09:23 2017 Saturday ,18 November

Fedra happy for “Between Two Worlds” success

GMT 11:15 2017 Thursday ,16 November

Angola oil boss sacked by father's protege

GMT 18:41 2017 Friday ,20 October

Designer Aql Faqih aspires to innovation

GMT 11:38 2017 Wednesday ,15 November

Unloved vultures fight for their survival

GMT 17:52 2017 Sunday ,03 September

Etiquette expert underlines importance of gifts

GMT 13:41 2017 Tuesday ,21 November

French choke up over proposal

GMT 00:44 2017 Monday ,20 November

Japanese regulators raid Airbnb

GMT 17:12 2017 Monday ,07 August

Al-Shawaifi reveals secrets of total solar eclipse

GMT 16:53 2017 Tuesday ,05 September

Youssra depended on colored foam
Arab Today, arab today
Arab Today, arab today
 
 Arab Today Facebook,arab today facebook  Arab Today Twitter,arab today twitter Arab Today Rss,arab today rss  Arab Today Youtube,arab today youtube  Arab Today Youtube,arab today youtube
arabstoday arabstoday arabstoday arabstoday
arabstoday arabstoday arabstoday
arabstoday
بناية النخيل - رأس النبع _ خلف السفارة الفرنسية _بيروت - لبنان
arabstoday, Arabstoday, Arabstoday