Apple is removing hundreds of apps from the App Store after discovering that they contain a malicious program called XcodeGhost.
In the entire lifespan of the App Store, Apple has only previously found five malicious apps — making this easily the single biggest security lapse in App Store history.
Apple has declined to say exactly how many apps slipped past its review process, but Chinese security firm Qihoo360 Technology claims to have uncovered a total of 344 apps affected by XcodeGhost.
XcodeGhost made its way into legitimate apps when it was uploaded to the Chinese file sharing service Baidu and then downloaded by some Chinese app developers. They then compiled their apps using the malicious code and distributed them via the App Store.
Because of the apps’ origin, most of the affected users are based in China, although some of the other apps — such as scanner app CamCard — are available in the U.S. and other countries. The most popular app affected is WeChat, which is widely used in both China and other parts of the Asia-Pacific region. WeChat says the malicious XcodeGhost only affects older versions of the app.
“We’ve removed the apps from the app store that we know have been created with this counterfeit software,” Apple spokeswoman Christine Monaghan said in a statement. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
Source: The Guardian
15 responses to “Apple cleans up the App Store after biggest security lapse in history”
It seems since Cook took over the CEO position and since Steve Jobs’ death Apple’s stature is starting to wane. iTunes screw up and now this with apps for iOS. They need someone to kick butt at Apple.
Wow, overreact much? First, these reports pale by comparison to other mobile OSs… and when caught, they strengthen the overall system. If you think anything can be completely security proof think again… but I’ll stick with the brand that does it best.
The whole “Jobs wouldn’t have done this” meme is so 2011.
It’s getting VERY OLD I agree! Many things Steve wouldn’t do, NEEDED to be done and for that I thank Tim!
“Apple cleans up the App Store after biggest security lapse in history”
Of course you mean, “the biggest security lapse in •Apple’s• history… in China.” Even at that, I think more people were potentially affected during the iCloud password breach of last year.
One thing is certain, no company I’m aware of tries harder to keep users secure, and works faster to correct the inevitable breach. Too bad the same can’t be said of Home Depot, Target… and the American government.
nothing was mentioned about what to do if you have one of these apps installed?
Just uninstall.
Oh, and change all your passwords — no big deal, right? I’m guessing this story is much bigger, and the damage goes far deeper than Apple cares to admit. Their “secure”, “curated” App Store has lost a lot of credibility.
@Garrai:disqus … Actually, if you use a password manager it should not be a big deal to change your passwords, something you should do periodically anyway. Just smart computing in 2015.
And •I’m• guessing that •your• “guessing the story is much bigger” is a bad guess. Though written about as a “major breach”, this is not. The iTunes store has 1,500,000 apps, and this is a tiny handful of infected apps. At that, the compromise was probably unavoidable, given how it was enacted.
Criticism is easy, but no system anywhere is perfect. That said, Apple does a great job of managing their enormous infrastructure(s). Of course, if you’re really worried, you can always use an Android device.
First-world problems. Shut up and change your passwords already.
Thanks China!
I’m curious about this fake Xcode…
You’d think by now people would realize to stop downloading stuff from fileshare services in China. I don’t even get an app made by a Chinese developer with obviously bad English in the description unless I know others have been using it for some time.
Happened to my mom’s phone last night in Singapore. It began to send out random messages to people, sent locations to a WhatsApp contact and send to photos. It looked like a pocket dial, but the phone was on the nightstand in the night.
Well… thanks to fast reporting and fast fixing by Apple, your Mom now knows what to do: delete the app, change her passwords.
Any updates on CamCard – the app is still available on the app store with a blurb denying any issues with their software?