Apple is removing hundreds of apps from the App Store after discovering that they contain a malicious program called XcodeGhost.
In the entire lifespan of the App Store, Apple has only previously found five malicious apps — making this easily the single biggest security lapse in App Store history.
Apple has declined to say exactly how many apps slipped past its review process, but Chinese security firm Qihoo360 Technology claims to have uncovered a total of 344 apps affected by XcodeGhost.
XcodeGhost made its way into legitimate apps when it was uploaded to the Chinese file-sharing service Baidu and then downloaded by some Chinese app developers. They then compiled their apps using the malicious code and distributed them via the App Store.
Because of the apps’ origin, most of the affected users are based in China, although some of the other apps — such as scanner app CamCard — are available in the U.S. and other countries. The most popular app affected is WeChat, which is widely used in both China and other parts of the Asia-Pacific region. WeChat says the malicious XcodeGhost only affects older versions of the app.
“We’ve removed the apps from the app store that we know have been created with this counterfeit software,” Apple spokeswoman Christine Monaghan said in a statement. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
Source: The Guardian