Apple yesterday confirmed that it was in the process of cleaning up its App Store after it was identified that malicious programs had been installed onto iPhones and iPads. The news comes after security firms discovered that a code called XcodeGhost was embedded in numerous iPhone and iPads apps that have been legitimately sold on the Apple App Store. According to Apple, the hackers managed to embed XcodeGhost into iPhone and iPad apps by convincing developers that the software was legitimate. Apple’s Christine Monaghan said that:
We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.
This is the first major attack Apple has suffered, which is due to its intense app review process to ensure that no malicious software makes it onto the Store. In fact, before this attack it was reported that only five other malicious apps had made their way onto the App Store, making this new attack a very intriguing situation.
Unfortunately Apple didn’t provide any instructions to users as to how to determine whether their devices have become infected with the malicious software, with researchers saying that the infected apps include WeChat and 344 other apps. However, WeChat reassured users by stating that the malicious software issues are limited to an older version of the popular messaging app, namely WeChat 6.2.5. which was released on 10 September 2015. The current version 6.2.6. was released on 12 September 2015. WeChat went on to confirm that no thefts or leaks of information has occurred.
We suggest you ensure that you’re running iOS 9 and that all your apps are up to date.