Skip to main content

Apple cleans up iOS store after major malware security breach

Although it has its detractors, Apple’s closed ecosystem has helped it to maintain strict control over its iOS App Store, with stringent checks working to eliminate malware from making it into the store.

In recent days, however, a number of security firms have uncovered the existence of infected iPhone apps in the iOS store in what looks to be the biggest security breach in the store’s seven-year history.

Recommended Videos

Security firm Palo Alto Networks (PAN) said it’d so far uncovered 39 infected apps “potentially impacting hundreds of millions of users” in multiple countries. It described the malicious software as “a very harmful and dangerous malware that has bypassed Apple’s code review and made unprecedented attacks on the iOS ecosystem.”

PAN’s analysis of the malware revealed it’s capable of, for example, prompting fake phishing alerts to grab user credentials, as well as reading and writing data in the user’s clipboard, which could be used to obtain password information if such data is copied from a password management tool.

In a statement obtained by Reuters, Apple spokesperson Christine Monaghan said, “We’ve removed the apps from the App Store that we know have been created with this counterfeit software.”

Affected software includes leading Chinese messaging app WeChat and China-based Uber competitor Didi Kuaidi. WeChat said in a blog post the malware had been discovered in an earlier version of its app and so iOS users should ensure they have the latest malware-free version on their device.

It seems hackers targeted Chinese developers in their effort to get the malware into apps and onto the App Store. This was done by getting developers to use a tainted version of Apple’s app development tool, called Xcode.

Without realizing, developers using the tainted software, dubbed XcodeGhost, were incorporating malware into their apps before submitting them to the App Store. Apple’s own checking procedures failed to spot the malicious software, allowing infected apps into the App Store for iPhone, iPad, and iPod Touch users to download.

With Apple proud of its reputation for security when it comes to its iOS app store, the incident will be a matter of concern – and embarrassment – for the company. Apple said on Sunday it’s warning iOS developers to obtain Xcode only from its own site, rather than from third-party sources, which seems to have been the case here.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Apple could finally fix Siri on iPhones with help from Google’s Gemini
Gemini Live on an iPhone.

“Find me a decent coffee shop where I can sit and get work done?” I uttered into my iPhone’s mic. 

“I’ll need to use ChatGPT to write that.” That was Siri’s response in my interaction with Apple’s voice assistant just over a week ago. Google’s Gemini assistant helped me the way I expected it to. 

Read more
I’m using Perplexity iOS Voice Assistant on my iPhone, and it’s better than Siri
Using Perplexity Assistant on an iPhone.

“Hey Siri, book me a table for four people, 7 PM, at Blue Tokai coffee shop in New Friends Colony.”

“Do you want me to use ChatGPT to answer that?”

Read more
iPhone theft victim sues Apple. It sparks a new hope for others, too
The iPhone 16 sticking out of someone's pocket.

Smartphones are the center of our digital existence. Not just because they open the doors for communication and social connection, but also due to their role as gatekeepers of our financial and professional lives. 

Needless to say, a stolen iPhone can upend your life in many ways, but it’s even harder to recover those precious files stored on the device. A few victims of iPhone theft may finally have a chance, thanks to a lawsuit against Apple over not offering enough help in recovery efforts.

Read more