Apple Inc. Boosts App Store Security After XcodeGhost Malware Infects Hundreds Of iPhone, iPad Apps
Apple is taking steps to prevent tainted apps from making their way onto the App Store. This includes making it easier for Chinese developers to download its official app tools from Chinese domestic servers, Phil Schiller, Apple senior vice president of marketing told Chinese news agency Sina.com.
Schiller’s comments come two days after Apple acknowledged that several apps on its store were compromised by XcodeGhost -- a piece of malware that infected apps built by developers using a tainted version of Apple’s Xcode programming tools. Apple makes the tools freely available to developers through its Mac App Store. But some Chinese programmers turned to downloading Xcode from unofficial third-party sources, because download speeds were too slow from the company’s overseas servers, according to Reuters.
Developers then unknowingly published their infected apps, which were distributed through the App Store. Apple has already removed known infected apps from its store and it has set up a support page, where it will post a list of the 25 most popular apps affected by the malware.
“After the top 25 impacted apps, the number of impacted users drops significantly,” Apple’s support page reads. Messaging app WeChat and a Chinese version of “Angry Birds 2” were among some of the infected apps. Customers should delete the infected apps from their iPhone, iPad or iPod Touch until a clean version of the respective app is released.
Apple also outlined steps for developers to check that their version of Xcode is authentic and unmodified:
To verify the identity of your copy of Xcode run the following command in Terminal on a system with Gatekeeper enabled:
spctl --assess --verbose /Applications/Xcode.app
where /Applications/ is the directory where Xcode is installed. This tool performs the same checks that Gatekeeper uses to validate the code signatures of applications. The tool can take up to several minutes to complete the assessment for Xcode.
After the command is run, the tool will display up to three valid responses, depending on where Xcode was downloaded from.
Mac App Store
/Applications/Xcode.app: accepted
source=Mac App Store
Apple Developer Portal
“/Applications/Xcode.app: accepted
source=Apple”
or
“/Applications/Xcode.app: accepted
source=Apple System”
If the tools display any responses other than “accepted” or from sources not from Apple, developers should download a fresh copy of Xcode from the company's website.
While Apple is expected to post the top 25 infected apps on its site, hundreds of apps may be affected by XcodeGhost, according to security companies such as Palo Alto Networks and Qihoo 360.
© Copyright IBTimes 2024. All rights reserved.
-
IMF Says Global Debt Levels Face 'Great Election Year' Risk
-
Divisions Among Colombia's FARC Dissidents Complicate Peace Talks
-
French Far Right Gets Youthful Vibe With 28-year-old Leader
-
Mideast-related Oil Price Spike Threatens 'Relatively Good' Economic Outlook: IMF Chief Economist
-
Wine Growers 'On Tip Of Africa' Race To Adapt To Climate Change
-
Despite Olympic Truce, Games Wrestle With Political Fallout
-
What Will The Fed Do With The Latest Inflation Numbers?
-
US Retail Sales Up More Than Expected In March
-
Alexandre De Moraes: Brazil Judge In Feud With Elon Musk
-
Paris 2024 Games Flame To Be Lit In Ancient Olympia
