• TV
  • MOVIES
  • MUSIC
  • SHOWBIZ
  • SOAPS
  • GAMING
  • TECH
  • FORUMS
  • Follow
    • Follow
    • facebook
    • twitter
    • google+
    • instagram
    • youtube
Hearst Corporation
  • TV
  • MOVIES
  • MUSIC
  • SHOWBIZ
  • SOAPS
  • GAMING
  • TECH
  • FORUMS
Forums
  • Register
  • Login
  • Forums
  • Gadgets
  • Mobile Phones
Apple App Store hit by malware.....
<<
<
2 of 3
>>
>
jonner101
21-09-2015
Originally Posted by Mark in Essex:
“As Manuel says..... "Keh"? ”

Xcode is the tool used to compile iOS applications from source code into the actual iOS application.

I've not looked too much into the story but it seems there is a dodgy hacked version of this software which will implant malware into the compiled end iOS app. Presumably whatever tools Apple used to vet submitted apps were fooled by this, at least until now.
alanwarwic
21-09-2015
Im not sure how many Apple is finding, reporting is finding them , some I assume reported by users, like Mercury back in May.
Its now at 300 and counting.

http://www.wired.com/2015/09/apple-r...pps-app-store/
Mark in Essex
21-09-2015
Originally Posted by jonner101:
“Xcode is the tool used to compile iOS applications from source code into the actual iOS application.

I've not looked too much into the story but it seems there is a dodgy hacked version of this software which will implant malware into the compiled end iOS app. Presumably whatever tools Apple used to vet submitted apps were fooled by this, at least until now.”

Ok.

Cheers for that (I only read a little of it).

Mark.
alanwarwic
21-09-2015
http://m.theinquirer.net/inquirer/ne...-android-users

Rather than being hijacked this Android malware was specially written. And the bit of code is then being obcurated so that it is undetected in other apps.
I assume this is more the norm for all platfrom app stores.
IvanIV
22-09-2015
I don't know what sort of checks Apple performs on submitted apps, if just ideological ones , but one should be able to detect a use of APIs that should flag the app as potentially malicious. Although the way of injecting the malware is genius, using otherwise trusted developers to upload it for them.
alanwarwic
22-09-2015
One of the various companies flagging the malware for Apple are now reporting Pangu Team as listing 3,418 hacked malware apps .
http://researchcenter.paloaltonetwor...cted-ios-apps/

There really has to be 10,s of thousands of apps doing naughty things on all platforms.
IvanIV
23-09-2015
So they can find XCodeGhost-ed apps, because they know exactly what they are looking for. But what about other intrusions? According to Snowden this method was known and was likely used before. They can't really tell if anything does not belong there if it masquerades as a part of the app, namespaces, names, etc.
alanwarwic
23-09-2015
Mines bigger than yours says FireEye.
4000 of them with the same bit of dodgy code apparantly.
http://www.theregister.co.uk/2015/09...four_thousand/
IvanIV
23-09-2015
If it goes on like this Windows Store will have more apps than the Apple Store
Stiggles
23-09-2015
It's odd how this thread is so quiet!! If this was Android we would have been pages long by now!!
BKM
23-09-2015
Originally Posted by Stiggles:
“It's odd how this thread is so quiet!! If this was Android we would have been pages long by now!!”

Why? It was a very minor issue (possibly confined to China).
Stiggles
23-09-2015
Originally Posted by BKM:
“Why? It was a very minor issue (possibly confined to China).”

I assume you have never seen a thread about a dodgy app in the Android store?!

I also wouldn't class nearly 4000 apps infected, people here having apps removed a minor issue. The fact people here and worldwide have had apps removed makes it not confined to china at all.
BKM
23-09-2015
Originally Posted by Stiggles:
“I assume you have never seen a thread about a dodgy app in the Android store?!”

Perhaps the Android bugs you refer to had somewhat more than zero impact!

As the Apple "Bendgate" (not-much-of-an!!!) issue generated literally dozens of pages here I suspect that, had the app-store problem been anything major, the Android/anti-Apple usual suspects would have made their usual 100s of doom-and-gloom posts!
BKM
23-09-2015
Originally Posted by Stiggles:
“I also wouldn't class nearly 4000 apps infected,
.”

What are you on about????

"Chinese security firm Qihoo360 Technology Co (QIHU.N) said on its blog that it had uncovered 344 apps tainted with XcodeGhost"
kidspud
23-09-2015
Originally Posted by Stiggles:
“It's odd how this thread is so quiet!! If this was Android we would have been pages long by now!!”

I expect the reason it is so quiet is because Apple can control this situation (removing the apps from both the store and the phone).

Besides, it isn't that quiet, there a few posts from those that don't own Apple devices, as usual.
IvanIV
23-09-2015
Originally Posted by BKM:
“What are you on about????

"Chinese security firm Qihoo360 Technology Co (QIHU.N) said on its blog that it had uncovered 344 apps tainted with XcodeGhost"”

Read up, it's up to 4000 now.
kidspud
23-09-2015
Originally Posted by IvanIV:
“Read up, it's up to 4000 now.”

Is there a list of the 4000?
Stiggles
23-09-2015
Originally Posted by BKM:
“What are you on about????

"Chinese security firm Qihoo360 Technology Co (QIHU.N) said on its blog that it had uncovered 344 apps tainted with XcodeGhost"”

http://www.theregister.co.uk/2015/09...four_thousand/

Its not confined to china at all and its no minor issue. Never was. People have claimed in this very thread they have had apps removed from their devices.
Stiggles
23-09-2015
Originally Posted by kidspud:
“I expect the reason it is so quiet is because Apple can control this situation (removing the apps from both the store and the phone).

Besides, it isn't that quiet, there a few posts from those that don't own Apple devices, as usual.”

Google and MS can remotely remove apps from devices as well. That's not exclusive to apple.

What i meant however is, the last time Android had a security issue we had a huge long thread claiming how unsecure Android was etc etc etc from people that didn't have any Android devices.
kidspud
23-09-2015
Originally Posted by Stiggles:
“Google and MS can remotely remove apps from devices as well. That's not exclusive to apple.

What i meant however is, the last time Android had a security issue we had a huge long thread claiming how unsecure Android was etc etc etc from people that didn't have any Android devices.”

I agree. It makes a nice change this there isn't the normal hysterical reaction which usually follows anything Apple.

I don't know whether Google can remove apps. How does it deal with all the apps which come from other stores/websites?
BKM
23-09-2015
Originally Posted by Stiggles:
“What i meant however is, the last time Android had a security issue we had a huge long thread claiming how unsecure Android was etc etc etc from people that didn't have any Android devices.”

So you are complaining that the usual suspects (none of whom own iPhones but who normally create vast amounts of hot air about any trivial issue!) are failing in their duty!!!!

As I said all evidence so far suggest Apple caught this early enough to prevent any problems to anyone!
Stiggles
23-09-2015
Originally Posted by kidspud:
“I agree. It makes a nice change this there isn't the normal hysterical reaction which usually follows anything Apple.

I don't know whether Google can remove apps. How does it deal with all the apps which come from other stores/websites?”

There shouldn't be hysterical reactions to anything really, but it goes both ways. Security issue with Android, apple fans going crazy saying how unsecure Android is etc. Apple security issue, Android fans going crazy saying how unsecure it is.

The difference i have noticed is, apple fans on a security issue with apple always try to dumb it down claiming there is no issue.

Yeah, Google can remove apps downloaded from their store remotely. It's been done before. I'm not overly sure if they can remove apps from 3rd party stores. I'm not even sure apple can do that either.
Stiggles
23-09-2015
Originally Posted by BKM:
“So you are complaining that the usual suspects (none of whom own iPhones but who normally create vast amounts of hot air about any trivial issue!) are failing in their duty!!!!

As I said all evidence so far suggest Apple caught this early enough to prevent any problems to anyone!”

I don't think you need to own an iphone since this relates to all apple products that can download apps. I have an ipad and an ipod if that makes you feel better.

What evidence is that? Cant say ive seen any apart from apple as always not saying a word about it!
BKM
23-09-2015
Originally Posted by Stiggles:
“ I'm not overly sure if they can remove apps from 3rd party stores. I'm not even sure apple can do that either.”

No such things! You cannot sideload Apps on IOS - everything is from the App Store.
kidspud
23-09-2015
Originally Posted by Stiggles:
“I don't think you need to own an iphone since this relates to all apple products that can download apps. I have an ipad and an ipod if that makes you feel better.

What evidence is that? Cant say ive seen any apart from apple as always not saying a word about it!”

They say they have removed them and provide guidance to check Xcode.

https://developer.apple.com/news/?id=09222015a
<<
<
2 of 3
>>
>
VIEW DESKTOP SITE TOP

JOIN US HERE

  • Facebook
  • Twitter

Hearst Corporation

Hearst Corporation

DIGITAL SPY, PART OF THE HEARST UK ENTERTAINMENT NETWORK

© 2015 Hearst Magazines UK is the trading name of the National Magazine Company Ltd, 72 Broadwick Street, London, W1F 9EP. Registered in England 112955. All rights reserved.

  • Terms & Conditions
  • Privacy Policy
  • Cookie Policy
  • Complaints
  • Site Map