Apple App Store Experiences First Large-Scale Hack
Sept. 21, 2015
On Sunday, Apple acknowledged reports that had been leaking out during the second half of last week that said the App Store had been hacked on a large scale for the first time, with perhaps hundreds of apps infected with malicious code having been approved by Apple’s stringent app review process. The vulnerability originated in China, where hackers were able to get legitimate app developers to unknowingly embed the code in apps by generating a counterfeit version of Xcode, a tool used by developers to create apps for iOS and Mac OS. The malicious code has been dubbed XcodeGhost.
“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” Apple spokeswoman Christine Monaghan told Reuters. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
While the information the hackers have been able to obtain from users who downloaded infected apps is not thought to be especially harmful, researchers have characterized it as important because it shows the App Store can be vulnerable to hackers through developers with legitimate apps. Popular Chinese apps WeChat and car-hailing app Didi Kuaidi are among the infected apps.