Apple has said it is taking steps to remove malicious code added to a number of apps commonly used on iPhones and iPads in China.
It is thought to be the first large-scale attack on Apple's App Store.
The hackers created a counterfeit version of Apple's software for building iOS apps, which they persuaded developers to download.
Apps compiled using the tool allow the attackers to steal data about users and send it to servers they control.
Cybersecurity firm Palo Alto Networks - which has analysed the malware dubbed XcodeGhost - said the perpetrators would also be able to send fake alerts to infected devices to trick their owners into revealing information.
It added they could also read and alter information in compromised devices' clipboards, which would potentially allow them to see logins copied to and from password management tools.
takyon: Affected apps include WeChat, NetEase's music downloading app, Didi Kuaidi's Uber-like car hailing app, the business card scanner CamCard, and more.
(Score: 3, Informative) by RedBear on Tuesday September 22 2015, @08:48AM
It's interesting that this is being discussed as if it's some kind of major hack of the App Store itself, when nothing could be further from the truth. This apparently all came about because a bunch of Chinese developers unwisely downloaded a trojanned version of Xcode from some Chinese file sharing site. Hopefully after this developers won't be dumb enough to download their IDE from anyone besides Apple, or at least they'll learn to do a proper CRC check on the downloaded file before trusting it.
I believe they would also need to disable Gatekeeper, the Mac OS X security feature that tries to keep you from running binaries from unknown developers. They would have to turn the security level down to "Allow apps downloaded from: Anywhere" in order to run the compromised Xcode binary. Any idiot should have understood that if their copy of Xcode didn't pass the security verification there was something wrong with it. So there are multiple reasons this should never have happened, and none of the other millions of apps on the App Store were ever at any risk of being compromised if they weren't compiled with this hacked copy of Xcode. This isn't an attack on the App Store, it's an attack on developers who don't understand basic security precautions. As soon as all the affected apps are recompiled with a proper version of Xcode and auto-updated to clients (and nearly all iOS devices are auto-downloading and installing app updates by default at this point) this issue will quickly disappear.
People who seem to know what they're talking about have frequently discussed the fact that if the compiler is compromised it's very difficult to know that the resulting compiled software is compromised, so I have trouble laying much blame for this, if any, at Apple's doorstep. The compiled compromised application is properly signed just like any regular app. Apps compromised in this way, at the compiler level, would find their way quite easily into any Linux package management system just as these apps found their way into the App Store without triggering any alarms.
The one thing that can be laid squarely on Apple's shoulders is the fact that they really do need to improve their content delivery network. It sucks pretty hardcore most of the time, which is what motivated these developers to look for an alternate download source. Xcode is around 5GB these days, and you have to download the whole thing every time there is an update. It takes forever even on a good day. You'd think with all their billions they could do better.
¯\_ʕ◔.◔ʔ_/¯ LOL. I dunno. I'm just a bear.
... Peace out. Got bear stuff to do. 彡ʕ⌐■.■ʔ
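The two checks the comment above argues developers skipped (verifying the downloaded file before trusting it, and letting Gatekeeper assess it instead of turning it off) can be scripted. The script below is an added example, not part of the article or of RedBear's comment. It uses a pinned SHA-256 digest rather than the CRC the comment mentions, because a CRC is not collision-resistant and offers no protection against a deliberately substituted file; the digest is assumed to come from the vendor through an independent channel, and the sample file and its "pinned" digest are constructed here so the script runs offline. The `spctl --assess` step only runs where macOS's `spctl` exists.

```shell
#!/bin/sh
# Added example: refuse to use a downloaded installer unless its SHA-256
# matches a digest pinned out-of-band, then (on macOS) ask Gatekeeper to
# assess it rather than lowering the Gatekeeper setting to "Anywhere".

sha256_of() {
    # Print the hex SHA-256 of file $1 using whichever tool the host has
    # (sha256sum on Linux, shasum on macOS).
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        shasum -a 256 "$1" | cut -d' ' -f1
    fi
}

verify_download() {
    # $1 = path to the downloaded file, $2 = expected hex digest.
    # Returns 0 only when the digests match; any mismatch is a refusal.
    actual=$(sha256_of "$1") || return 2
    if [ "$actual" != "$2" ]; then
        echo "REFUSE: $1 digest $actual does not match pinned $2" >&2
        return 1
    fi
    echo "OK: $1 matches pinned digest"
}

gatekeeper_assess() {
    # macOS only: Gatekeeper's own verdict on whether it would run $1.
    # Skipped (status 0) on hosts without spctl so the script runs anywhere.
    if command -v spctl >/dev/null 2>&1; then
        spctl --assess --type execute --verbose "$1"
    else
        echo "spctl not available; skipping Gatekeeper assessment of $1"
    fi
}

# --- constructed demo: a stand-in for the installer and its published digest ---
workdir=$(mktemp -d)
printf 'pretend this is Xcode.dmg\n' > "$workdir/Xcode.dmg"
PINNED=$(sha256_of "$workdir/Xcode.dmg")   # stands in for the vendor's digest

# The genuine download passes both checks.
verify_download "$workdir/Xcode.dmg" "$PINNED" && gatekeeper_assess "$workdir/Xcode.dmg"

# A copy that was altered after the digest was published is rejected.
printf 'injected\n' >> "$workdir/Xcode.dmg"
verify_download "$workdir/Xcode.dmg" "$PINNED" || echo "tampered copy rejected (exit $?)"

rm -rf "$workdir"
```

The point of `verify_download` returning non-zero on mismatch is that the install step can be chained with `&&` so a tampered file never reaches the next stage; the pinned digest must be obtained from somewhere other than the mirror that served the file, or the check proves nothing.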