Skip to main content
  1. Home
  2. Phones
  3. Apple
  4. Mobile
  5. News

Apple to alert affected users about major iOS security breach

By
Add as a preferred source on Google

While Apple says it so far has no evidence suggesting that malware-infected apps discovered recently in its iOS store have stolen personal data or caused any other issues for users, it’ll nevertheless be contacting anyone who’s downloaded one or more of the infected apps with advice on what steps to take.

A Q&A posted by the Cupertino company on Tuesday aimed to ease the concerns of iPhone and iPad users who fear they may be using infected apps built with a modified version of Xcode, Apple’s app-building tool. The incident, which first hit the headlines over the weekend, is believed to be the most serious security breach in the App Store’s seven-year history.

Recommended Videos

Initial reports suggested around 40 apps were carrying the malware – among them Chinese messaging app WeChat and China-based Uber competitor Didi Kuaidi – though other reports have suggested a far higher number.

Apple responds

Responding to the issue in the Q&A, Apple said it’d removed infected apps that it’s aware of from its iOS App Store and is now blocking submissions of new apps that contain the malware.

“We’re working closely with developers to get impacted apps back on the App Store as quickly as possible for customers to enjoy,” the tech giant said, at the same time promising to release a list of the top 25 most popular apps impacted by the malware “so users can easily verify if they have downloaded the latest versions of these apps.”

The company confirmed it’ll be contacting customers who downloaded an app/apps that could have been compromised, adding, “Once a developer updates their app, that will fix the issue on the user’s device once they apply that update.”

Developers who created the malware-ridden software did so without realizing. Their mistake was to grab Xcode from a third-party site instead of from Apple’s own, as the version they downloaded had been altered to ensure apps created with the tool would incorporate the malicious software.

Some developers, mostly based in China, are known to head to third-party sites for the tool because they offer a faster download time. Apple is urging developers to stick with its own site for the tool, and is also promising to work on speeding up download times.

Security firm Palo Alto Networks (PAN) said the malware potentially impacts “hundreds of millions of users,” and described the malicious software as “a very harmful and dangerous malware that has bypassed Apple’s code review and made unprecedented attacks on the iOS ecosystem.”

Trevor Mogg
Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Topics
How to reserve your WhatsApp username
Three to 35 characters, no public directory, and reservations are open right now.
Electronics, Phone, Mobile Phone

WhatsApp username reservations are now open globally. While you still need a phone number to create an account, usernames let you start conversations without sharing your phone number. 

Claiming yours would take less than a minute, but only when you go in with all the details. 

Read more
XChat finally lands on Android, bringing encrypted messaging beyond X
X's standalone messaging app is now rolling out to Android with encrypted chats, calls, and file sharing.
XChat Featured Logo

X is taking another step toward Elon Musk's vision of an "everything app." The company has officially announced that XChat is now available on Android, expanding its standalone messaging app beyond iPhone and giving millions more users access to its growing list of communication features.

Encrypted chats, calls, and file sharing come to Android

Read more
WhatsApp is finally getting usernames and you should go reserve yours right now
Three billion users, one good username each, and reservations just opened.
Adult, Male, Man

If you’ve ever been reluctant to share your personal number with someone just to start a conversation on WhatsApp, the platform has an update that will make you feel much more comfortable, one that Signal has had for two years now.

WhatsApp has finally confirmed usernames, a phone-number-free approach to connecting with people on the platform. However, given that the feature will roll out to three billion people on the app, you'd better hurry to lock yours in before someone else steals it.

Read more