An attack called XCodeGhost hit of Apple applications developed in China. Among them, WeChat messaging application.
iPhones and Chinese iPad would they haunted? Some developers in the country have discovered a phantom threat in the Chinese App Store. Its name: XCodeGhost. This malicious code, which is likely to have botched dozens of applications for Apple devices, would steal information from the infected machine.
Apple is known to perform a strict moderation applications that are sent to it. The perpetrators of this attack have therefore used an original method. To create an application for the Apple operating system, developers use a set of tools grouped under the name of XCode. This is Apple itself offers XCode, the last version was uploaded to its servers on September 16. But in China, the Internet connection to the world is not very fast. And downloading software such as XCode, which “weighs” more than three gigabytes, can be terribly long.
or hackers have therefore posted a fake version, malicious, and XCode on Chinese servers, while the posing the official version. This false version, called post XCodeGhost, allows attackers to bypass Apple controls. Many Chinese developers pressed for time you have left. Among them, WeChat developers, messaging application of Chinese giant Tencent hundreds of millions of users. The company has updated its application since. Chuxing Didi, one of the two applications of the Chinese competitor Uber Didi Kuaidi and the official application of purchase train tickets, 12306 Railway, were also affected.
On the one company to another, the count of infected applications varies. Palo Alto Networks identifies dozens of applications affected when the Chinese Qihoo 360 counted 344. “We have removed the App Store applications that we know have been developed with this counterfeit software,” said a holder Apple word from Reuters. “We work with developers to ensure they are using legitimate version of Xcode to rebuild their applications.”
For now, no organization has documented sensitive data theft caused by this piracy. But it could open the field to other players that the developers would aim to infect mobile devices. For example, it is possible that hackers infect a developer of computer to change the official version of Xcode. Such attacks can in particular represent a serious threat to enterprise applications. Developed in-house for a specific company, they do not go through the official App Store.
No comments:
Post a Comment