Skip to main content
  1. Home
  2. Mobile
  3. News

Apple cleans up iOS store after major malware security breach

Trevor Mogg
By

iOS 9 Hands On
Malarie Gokey/Digital Trends
Although it has its detractors, Apple’s closed ecosystem has helped it to maintain strict control over its iOS App Store, with stringent checks working to eliminate malware from making it into the store.

In recent days, however, a number of security firms have uncovered the existence of infected iPhone apps in the iOS store in what looks to be the biggest security breach in the store’s seven-year history.

Recommended Videos

Security firm Palo Alto Networks (PAN) said it’d so far uncovered 39 infected apps “potentially impacting hundreds of millions of users” in multiple countries. It described the malicious software as “a very harmful and dangerous malware that has bypassed Apple’s code review and made unprecedented attacks on the iOS ecosystem.”

Related

PAN’s analysis of the malware revealed it’s capable of, for example, prompting fake phishing alerts to grab user credentials, as well as reading and writing data in the user’s clipboard, which could be used to obtain password information if such data is copied from a password management tool.

In a statement obtained by Reuters, Apple spokesperson Christine Monaghan said, “We’ve removed the apps from the App Store that we know have been created with this counterfeit software.”

Affected software includes leading Chinese messaging app WeChat and China-based Uber competitor Didi Kuaidi. WeChat said in a blog post the malware had been discovered in an earlier version of its app and so iOS users should ensure they have the latest malware-free version on their device.

It seems hackers targeted Chinese developers in their effort to get the malware into apps and onto the App Store. This was done by getting developers to use a tainted version of Apple’s app development tool, called Xcode.

Without realizing, developers using the tainted software, dubbed XcodeGhost, were incorporating malware into their apps before submitting them to the App Store. Apple’s own checking procedures failed to spot the malicious software, allowing infected apps into the App Store for iPhone, iPad, and iPod Touch users to download.

With Apple proud of its reputation for security when it comes to its iOS app store, the incident will be a matter of concern – and embarrassment – for the company. Apple said on Sunday it’s warning iOS developers to obtain Xcode only from its own site, rather than from third-party sources, which seems to have been the case here.

Editors' Recommendations

Topics
Trevor Mogg
Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
10 reasons you should buy an iPhone in 2024
Purple iPhone 14 (left) and a green iPhone 15 in hand.

The iPhone 15 lineup — which includes the standard iPhone 15 and the iPhone 15 Pro — is the iPhone at its best. It's the latest series of iPhones available today and the default choice if you're buying a new iPhone in 2024.

But it’s not the only choice of iPhones you can purchase. In fact, Apple still sells the iPhone 14, iPhone 13, and the iPhone SE on its website. You could also find other iPhone models available – refurbished or new — from other retailers or carrier stores.

Read more
We now know when Apple is adding RCS to the iPhone
The iPhone 14 Plus held in a man's hand.

Last November, Apple made a surprise announcement when it confirmed that RCS was coming to the iPhone in 2024. It's something iPhone and Android phone users alike have been waiting years for, but there was just one small problem: Apple never said when in 2024 RCS was coming. Thanks to Google, of all companies, we now have a better idea of when RCS is heading to the iPhone.

As spotted by 9to5Google, the Android website was recently updated with a new page dedicated to Google Messages. If you click on the "See more features" button for the section talking about RCS, there's a section titled "Better messaging for all" with the following text: "Apple has announced it will be adopting RCS in the fall of 2024. Once that happens, it will mean a better messaging experience for everyone."

Read more
iOS 18 could make my iPhone look like Android, and I hate it
The Apple iPhone 15 Pro Max and the Samsung Galaxy S23 Ultra's rear panels.

If rumors are to be believed, iOS 18 will allow you to customize the home screen on your iPhone more substantially than ever before. This feature will be familiar to Android phone owners, but I don’t want my iPhone to look like an Android phone.

It’s a weird double-edged sword, as by giving you more freedom to make the home screen look unique, iOS may also lose what makes it unique compared to the less constrained world of Android.
iOS 18 and your iPhone home screen

Read more