Skip to main content

Apple cleans up iOS store after major malware security breach

iOS 9 Hands On
Malarie Gokey/Digital Trends
Although it has its detractors, Apple’s closed ecosystem has helped it to maintain strict control over its iOS App Store, with stringent checks working to eliminate malware from making it into the store.

In recent days, however, a number of security firms have uncovered the existence of infected iPhone apps in the iOS store in what looks to be the biggest security breach in the store’s seven-year history.

Recommended Videos

Security firm Palo Alto Networks (PAN) said it’d so far uncovered 39 infected apps “potentially impacting hundreds of millions of users” in multiple countries. It described the malicious software as “a very harmful and dangerous malware that has bypassed Apple’s code review and made unprecedented attacks on the iOS ecosystem.”

Please enable Javascript to view this content

PAN’s analysis of the malware revealed it’s capable of, for example, prompting fake phishing alerts to grab user credentials, as well as reading and writing data in the user’s clipboard, which could be used to obtain password information if such data is copied from a password management tool.

In a statement obtained by Reuters, Apple spokesperson Christine Monaghan said, “We’ve removed the apps from the App Store that we know have been created with this counterfeit software.”

Affected software includes leading Chinese messaging app WeChat and China-based Uber competitor Didi Kuaidi. WeChat said in a blog post the malware had been discovered in an earlier version of its app and so iOS users should ensure they have the latest malware-free version on their device.

It seems hackers targeted Chinese developers in their effort to get the malware into apps and onto the App Store. This was done by getting developers to use a tainted version of Apple’s app development tool, called Xcode.

Without realizing, developers using the tainted software, dubbed XcodeGhost, were incorporating malware into their apps before submitting them to the App Store. Apple’s own checking procedures failed to spot the malicious software, allowing infected apps into the App Store for iPhone, iPad, and iPod Touch users to download.

With Apple proud of its reputation for security when it comes to its iOS app store, the incident will be a matter of concern – and embarrassment – for the company. Apple said on Sunday it’s warning iOS developers to obtain Xcode only from its own site, rather than from third-party sources, which seems to have been the case here.

Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Apple’s futuristic iPhone display may not be released for a while longer
Someone holding an iPhone 16, showing a home screen.

If you wish to use an iPhone with virtually no bezels around the screen, you will need to wait a little longer than initially thought. A new industry report says the release of Apple's long-rumored OLED display with "zero bezels" for the iPhone has slid further into an uncertain timeline.

South Korean outlet The Elec, which was the first to report of the existence of a "zero-bezel" iPhone display, has now reported the launch date is unforeseeable because the technology "is not yet developed enough."

Read more
I finally have RCS on my iPhone, and it’s one of my favorite iOS 18 features
An iPhone 16 Pro showing RCS messaging.

Apple’s Messages app has certainly come a long way. When the first iPhone launched in 2007, it could only send SMS -- there weren't even picture messages. Then it got MMS protocol support in iPhone OS 3.0 with the iPhone 3GS. With iPhone OS 5.0, Apple implemented its own iMessage chat protocol, making it easy for Apple users to communicate with other Apple device users.

However, when it came to messaging Android users, Apple dragged its feet for the longest time, sticking with SMS and MMS, which aren’t encrypted and don't offer full-quality photo and video sending. It also sparked the whole blue bubble versus green bubble war.

Read more
Is your child safe from inappropriate apps on Apple App Store? A report says no
App Store screenshot on iPhone.

Apps aimed at children have been available since the inception of the App Store. However, not all apps created for minors are safe to use. This is the main finding of a new survey conducted by two child safety organizations. The report presents the results of a 24-hour research study in which 800 apps were reviewed, and the findings are concerning.

The Heat Initiative and ParentsTogether Action study found that Apple's App Store is a mass distributor of risky and inappropriate apps to children. Many apps have features that put children at risk of sexual abuse and exploitation, low self-esteem and poor body image, disordered eating, exposure to sexual and violent content, and more. Apple claims that the App Store is a safe place for children, but the study found that Apple takes no legal responsibility for the veracity of age ratings.

Read more