The Apple fortress just suffered a staggering blow with the first attack large scale against its App Store. © Apple
Apple: App Store suffered its first major attack – 2 Photos
In terms of safety, Android pays much more often the iOS chronic. This is partly related to fragmentation of the mobile operating system open source of Google in multiple versions and the policy of opening up the ecosystem of applications that offer many more opportunities for the spread of malware. By controlling the entire production line equipment, the development of the software part, and imposing strict controls on the design of applications and opportunities for interaction with iOS, Apple has built a fortress. Yet, no one is invulnerable …
The Californian giant has indeed admitted that its application store App Store has suffered his first attack of great magnitude. A spokeswoman for Apple said that several applications for iPad and iPhone infected with a malware were removed from the App Store. A cleaning operation which followed revelations of a security expert of the company Palo Alto Networks. He discovered 39 iOS applications containing a malware named XcodeGhost, distributed mainly by the Chinese version of the Apple App Store . This is actually a modified version of the Xcode development tool that Apple makes available to developers to create applications iOS and Mac OS.
Forty applications infected malware , never seen on the Apple App Store! Hackers have found a way to inject malicious software into the Xcode software kit that the firm Apple makes available to application developers iOS and Mac OS. © Apple
Among the infected applications include some popular services in China, such as instant messaging WeChat which has about 500 million users, Didi Kuaidi of service vehicle with driver Uber competitor or the CamCard business card scanner. XcodeGhost works by connecting to a command and control center to transmit information on the terminal. It receives back instructions on the screen to show the victim of false connection procedures requiring a username and password. But it can also open url to go get other viruses or read and write to the clipboard.
The Chinese firm specializing in security Qihoo360 Technology, quoted by Reuters, said for his part having discovered 344 XcodeGhost iOS-based applications. According to the analysis conducted by Palo Alto Software, this attack is not the result of operating a security hole iOS, but rather a clever opportunism. It turns out that many developers based in China prefer to retrieve copies of Xcode kit from local servers where the download is faster than from the Apple servers in the United States. To take this roundabout way, he must first disable Apple security features that would have detected the use of an unofficial version of Xcode.
All XcodeGhost corrupted versions were hosted on servers in the Chinese Internet giant Baidu. They have since been removed, along with all websites designed to collect the stolen information. Apple says it is cleaning its App Store and says working with the developers concerned to enable them to rebuild their applications from a healthy version of Xcode. A minimalist communication that wants to be reassuring. No word on the number of victims of the attack or how long these applications bombs were present in the App Store. Hard to believe, given the popularity of applications concerned, nobody was hit …
On the same subject
No comments:
Post a Comment