|
||||||||
Apple App Store hit by malware..... |
![]() |
|
|
Thread Tools | Search this Thread |
|
|
#26 |
|
Forum Member
Join Date: Apr 2008
Posts: 3,153
|
Quote:
As Manuel says..... "Keh"?
![]() I've not looked too much into the story but it seems there is a dodgy hacked version of this software which will implant malware into the compiled end iOS app. Presumably whatever tools Apple used to vet submitted apps were fooled by this, at least until now. |
|
|
|
|
Please sign in or register to remove this advertisement.
|
|
|
#27 |
|
Forum Member
Join Date: Oct 2003
Location: the wild world web
Posts: 28,132
|
Im not sure how many Apple is finding, reporting is finding them , some I assume reported by users, like Mercury back in May.
Its now at 300 and counting. http://www.wired.com/2015/09/apple-r...pps-app-store/ |
|
|
|
|
|
#28 |
|
Forum Member
Join Date: Mar 2005
Posts: 3,644
|
Quote:
Xcode is the tool used to compile iOS applications from source code into the actual iOS application.
I've not looked too much into the story but it seems there is a dodgy hacked version of this software which will implant malware into the compiled end iOS app. Presumably whatever tools Apple used to vet submitted apps were fooled by this, at least until now. Cheers for that (I only read a little of it). Mark. |
|
|
|
|
|
#29 |
|
Forum Member
Join Date: Oct 2003
Location: the wild world web
Posts: 28,132
|
http://m.theinquirer.net/inquirer/ne...-android-users
Rather than being hijacked this Android malware was specially written. And the bit of code is then being obcurated so that it is undetected in other apps. I assume this is more the norm for all platfrom app stores. |
|
|
|
|
|
#30 |
|
Forum Member
Join Date: May 2006
Posts: 25,199
|
I don't know what sort of checks Apple performs on submitted apps, if just ideological ones
, but one should be able to detect a use of APIs that should flag the app as potentially malicious. Although the way of injecting the malware is genius, using otherwise trusted developers to upload it for them.
|
|
|
|
|
|
#31 |
|
Forum Member
Join Date: Oct 2003
Location: the wild world web
Posts: 28,132
|
One of the various companies flagging the malware for Apple are now reporting Pangu Team as listing 3,418 hacked malware apps .
http://researchcenter.paloaltonetwor...cted-ios-apps/ There really has to be 10,s of thousands of apps doing naughty things on all platforms. |
|
|
|
|
|
#32 |
|
Forum Member
Join Date: May 2006
Posts: 25,199
|
So they can find XCodeGhost-ed apps, because they know exactly what they are looking for. But what about other intrusions? According to Snowden this method was known and was likely used before. They can't really tell if anything does not belong there if it masquerades as a part of the app, namespaces, names, etc.
|
|
|
|
|
|
#33 |
|
Forum Member
Join Date: Oct 2003
Location: the wild world web
Posts: 28,132
|
Mines bigger than yours says FireEye.
4000 of them with the same bit of dodgy code apparantly. http://www.theregister.co.uk/2015/09...four_thousand/ |
|
|
|
|
|
#34 |
|
Forum Member
Join Date: May 2006
Posts: 25,199
|
If it goes on like this Windows Store will have more apps than the Apple Store
|
|
|
|
|
|
#35 |
|
Forum Member
Join Date: Jan 2011
Location: Dundee, Scotland
Posts: 9,292
|
It's odd how this thread is so quiet!! If this was Android we would have been pages long by now!!
|
|
|
|
|
|
#36 |
|
Forum Member
Join Date: Jul 2007
Posts: 6,288
|
Quote:
It's odd how this thread is so quiet!! If this was Android we would have been pages long by now!!
|
|
|
|
|
|
#37 |
|
Forum Member
Join Date: Jan 2011
Location: Dundee, Scotland
Posts: 9,292
|
Quote:
Why? It was a very minor issue (possibly confined to China).
I also wouldn't class nearly 4000 apps infected, people here having apps removed a minor issue. The fact people here and worldwide have had apps removed makes it not confined to china at all. |
|
|
|
|
|
#38 |
|
Forum Member
Join Date: Jul 2007
Posts: 6,288
|
Quote:
I assume you have never seen a thread about a dodgy app in the Android store?!
As the Apple "Bendgate" (not-much-of-an!!!) issue generated literally dozens of pages here I suspect that, had the app-store problem been anything major, the Android/anti-Apple usual suspects would have made their usual 100s of doom-and-gloom posts! |
|
|
|
|
|
#39 |
|
Forum Member
Join Date: Jul 2007
Posts: 6,288
|
Quote:
I also wouldn't class nearly 4000 apps infected,
. "Chinese security firm Qihoo360 Technology Co (QIHU.N) said on its blog that it had uncovered 344 apps tainted with XcodeGhost" |
|
|
|
|
|
#40 |
|
Forum Member
Join Date: May 2010
Posts: 11,493
|
Quote:
It's odd how this thread is so quiet!! If this was Android we would have been pages long by now!!
Besides, it isn't that quiet, there a few posts from those that don't own Apple devices, as usual. |
|
|
|
|
|
#41 |
|
Forum Member
Join Date: May 2006
Posts: 25,199
|
Quote:
What are you on about????
"Chinese security firm Qihoo360 Technology Co (QIHU.N) said on its blog that it had uncovered 344 apps tainted with XcodeGhost" |
|
|
|
|
|
#42 |
|
Forum Member
Join Date: May 2010
Posts: 11,493
|
Quote:
Read up, it's up to 4000 now.
|
|
|
|
|
|
#43 |
|
Forum Member
Join Date: Jan 2011
Location: Dundee, Scotland
Posts: 9,292
|
Quote:
What are you on about????
"Chinese security firm Qihoo360 Technology Co (QIHU.N) said on its blog that it had uncovered 344 apps tainted with XcodeGhost" Its not confined to china at all and its no minor issue. Never was. People have claimed in this very thread they have had apps removed from their devices. |
|
|
|
|
|
#44 |
|
Forum Member
Join Date: Jan 2011
Location: Dundee, Scotland
Posts: 9,292
|
Quote:
I expect the reason it is so quiet is because Apple can control this situation (removing the apps from both the store and the phone).
Besides, it isn't that quiet, there a few posts from those that don't own Apple devices, as usual. What i meant however is, the last time Android had a security issue we had a huge long thread claiming how unsecure Android was etc etc etc from people that didn't have any Android devices. |
|
|
|
|
|
#45 |
|
Forum Member
Join Date: May 2010
Posts: 11,493
|
Quote:
Google and MS can remotely remove apps from devices as well. That's not exclusive to apple.
What i meant however is, the last time Android had a security issue we had a huge long thread claiming how unsecure Android was etc etc etc from people that didn't have any Android devices. I don't know whether Google can remove apps. How does it deal with all the apps which come from other stores/websites? |
|
|
|
|
|
#46 |
|
Forum Member
Join Date: Jul 2007
Posts: 6,288
|
Quote:
What i meant however is, the last time Android had a security issue we had a huge long thread claiming how unsecure Android was etc etc etc from people that didn't have any Android devices.
As I said all evidence so far suggest Apple caught this early enough to prevent any problems to anyone! |
|
|
|
|
|
#47 |
|
Forum Member
Join Date: Jan 2011
Location: Dundee, Scotland
Posts: 9,292
|
Quote:
I agree. It makes a nice change this there isn't the normal hysterical reaction which usually follows anything Apple.
I don't know whether Google can remove apps. How does it deal with all the apps which come from other stores/websites? The difference i have noticed is, apple fans on a security issue with apple always try to dumb it down claiming there is no issue. Yeah, Google can remove apps downloaded from their store remotely. It's been done before. I'm not overly sure if they can remove apps from 3rd party stores. I'm not even sure apple can do that either. |
|
|
|
|
|
#48 |
|
Forum Member
Join Date: Jan 2011
Location: Dundee, Scotland
Posts: 9,292
|
Quote:
So you are complaining that the usual suspects (none of whom own iPhones but who normally create vast amounts of hot air about any trivial issue!) are failing in their duty!!!!
As I said all evidence so far suggest Apple caught this early enough to prevent any problems to anyone! What evidence is that? Cant say ive seen any apart from apple as always not saying a word about it! |
|
|
|
|
|
#49 |
|
Forum Member
Join Date: Jul 2007
Posts: 6,288
|
Quote:
I'm not overly sure if they can remove apps from 3rd party stores. I'm not even sure apple can do that either.
|
|
|
|
|
|
#50 |
|
Forum Member
Join Date: May 2010
Posts: 11,493
|
Quote:
I don't think you need to own an iphone since this relates to all apple products that can download apps. I have an ipad and an ipod if that makes you feel better.
What evidence is that? Cant say ive seen any apart from apple as always not saying a word about it! https://developer.apple.com/news/?id=09222015a |
|
|
|
![]() |
|
All times are GMT. The time now is 17:40.





, but one should be able to detect a use of APIs that should flag the app as potentially malicious. Although the way of injecting the malware is genius, using otherwise trusted developers to upload it for them.