Wait to re-install until you know the latest versions are safe. What to do? Your best bet is to uninstall any of the affected apps. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps." Only the most recent versions of the apps, which used the counterfeit Xcode, are infected.Īpple told Reuters, "We've removed the apps from the App Store that we know have been created with this counterfeit software. And CamCard, a business card reader and scanner app which is popular in the U.S. For example, the popular WeChat messaging app, with about 500 million users worldwide, was affected. Developers who used that version of Xcode unwittingly put the malware into iOS apps they wrote.Īlthough many of the apps infected this way were only for the Chinese market, a number of them are also used worldwide. The malware made its way into the iOS apps because a counterfeit version of Xcode (Apple's programming tool for creating iOS apps) was purposely infected with it, then uploaded to Baidu's file sharing service, which Chinese iOS and OS X developers use. The techniques used in this attack could be adopted by criminal and espionage focused groups to gain access to iOS devices. The announcement was made on the Chinese social media site.
#APPLE XCODE GHOST CODE#
Palo Alto Networks says this about it: We believe XcodeGhost is a very harmful and dangerous malware that has bypassed Apple's code review and made unprecedented attacks on the iOS ecosystem. Apple is to make Xcode available for local download from servers based in China as part of its response to the XcodeGhost malware issue.
Threat Prevention is designed to detect and stop malicious apps from being installed on mobile devices.In other words, it's a nasty piece of work. Use an advanced threat detection solution like Check Point Mobile Threat Prevention. Yes, if an app affected by this vulnerability is installed on an iOS device, Mobile Threat Prevention will detect the app, alert the user and enforce organizational policies to quarantine and protect the device. Apple has removed over 300 different apps from the App Store with this injected malicious code.ĭoes Check Point MTP protect against this malware? However, it’s possible that Chinese developers working on apps for clients in other nations are affected, and could have published apps to the App Store that include malicious code without their knowledge. The injected code sends app info to a C&C server, allowing the infected app to read the device clipboard (meaning, any information copied by the user from any of the device interfaces or apps), to change browser info (create phishing websites) and more.ĭue to the fact that the XcodeGhost platform was uploaded to Chinese facing servers (baidu), the attack is most likely to happen on, but not limited to, apps developed and distributed in China. For example, developers in China with low bandwidth to western hosted services by Apple may find other download sources for Xcode. The compromised version of Xcode is not found on iTunes, but can be downloaded elsewhere by developers who may find it hard to use iTunes to download the platform. How did the Xcode developer platform become compromised?
#APPLE XCODE GHOST PASSWORD#
Infected apps are capable of receiving commands from the attacker through the server to perform actions such as prompting a fake alert dialog to phish user credentials hijacking or opening specific URLs based on their scheme, allowing exploitation of vulnerabilities in the iOS system or other iOS apps reading and writing data in the user’s clipboard, which could be used to read content such as the user’s password if that password is copied from a password management tool to the clipboard. Reports from attacked users indicate that infected apps try to steal iCloud credentials using phishing attacks. This unofficial version of Xcode was altered so that it injects malicious code into any app that was developed and compiled using it. XcodeGhost is a compromised version of the iOS developer platform, Xcode.
0 kommentar(er)
