Apple cleans up the App Store after biggest security lapse in history

Apple cleans up the App Store after biggest security lapse in history


Apple has lost its third appeal for ownership of the term App Store in Oz. Photo: Apple
Malicious code is causing Apple to remove hundreds of apps from the App Store.
Photo: Apple

Apple is removing hundreds of apps from the App Store after discovering that they contain a malicious program called XcodeGhost.

In the entire lifespan of the App Store, Apple has only previously found five malicious apps — making this easily the single biggest security lapse in App Store history.

Apple has declined to say exactly how many apps slipped past its review process, but Chinese security firm Qihoo360 Technology claims to have uncovered a total of 344 apps affected by XcodeGhost.

XcodeGhost made its way into legitimate apps when it was uploaded to the Chinese file sharing service Baidu and then downloaded by some Chinese app developers. They then compiled their apps using the malicious code and distributed them via the App Store.

Because of the apps’ origin, most of the affected users are based in China, although some of the other apps — such as scanner app CamCard — are available in the U.S. and other countries. The most popular app affected in WeChat, which is widely used in both China and other parts of the Asia-Pacific region. WeChat says the malicious XcodeGhost only affects older versions of the app.

“We’ve removed the apps from the app store that we know have been created with this counterfeit software,” Apple spokeswoman Christine Monaghan said in a statement. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”

Source: The Guardian

Cult of Mac's Newsletters

Daily round-ups or a weekly refresher, straight from Cult of Mac to your inbox.

  • Weekender

    The week's best Apple news, reviews and how-tos from Cult of Mac, every Saturday morning. Our readers say: "Thank you guys for always posting cool stuff" -- Vaughn Nevins. "Very informative" -- Kenly Xavier.