Skip to main content
  1. Home
  2. Mobile
  3. News

Apple cleans up iOS store after major malware security breach

By

iOS 9 Hands On
Malarie Gokey/Digital Trends
Although it has its detractors, Apple’s closed ecosystem has helped it to maintain strict control over its iOS App Store, with stringent checks working to eliminate malware from making it into the store.

In recent days, however, a number of security firms have uncovered the existence of infected iPhone apps in the iOS store in what looks to be the biggest security breach in the store’s seven-year history.

Recommended Videos

Security firm Palo Alto Networks (PAN) said it’d so far uncovered 39 infected apps “potentially impacting hundreds of millions of users” in multiple countries. It described the malicious software as “a very harmful and dangerous malware that has bypassed Apple’s code review and made unprecedented attacks on the iOS ecosystem.”

Please enable Javascript to view this content

PAN’s analysis of the malware revealed it’s capable of, for example, prompting fake phishing alerts to grab user credentials, as well as reading and writing data in the user’s clipboard, which could be used to obtain password information if such data is copied from a password management tool.

Related

In a statement obtained by Reuters, Apple spokesperson Christine Monaghan said, “We’ve removed the apps from the App Store that we know have been created with this counterfeit software.”

Affected software includes leading Chinese messaging app WeChat and China-based Uber competitor Didi Kuaidi. WeChat said in a blog post the malware had been discovered in an earlier version of its app and so iOS users should ensure they have the latest malware-free version on their device.

It seems hackers targeted Chinese developers in their effort to get the malware into apps and onto the App Store. This was done by getting developers to use a tainted version of Apple’s app development tool, called Xcode.

Without realizing, developers using the tainted software, dubbed XcodeGhost, were incorporating malware into their apps before submitting them to the App Store. Apple’s own checking procedures failed to spot the malicious software, allowing infected apps into the App Store for iPhone, iPad, and iPod Touch users to download.

With Apple proud of its reputation for security when it comes to its iOS app store, the incident will be a matter of concern – and embarrassment – for the company. Apple said on Sunday it’s warning iOS developers to obtain Xcode only from its own site, rather than from third-party sources, which seems to have been the case here.

Editors’ Recommendations

Topics
Trevor Mogg
Trevor Mogg
Contributing Editor
Not so many moons ago, Trevor moved from one tea-loving island nation that drives on the left (Britain) to another (Japan)…
Apple’s mysterious iPhone 17 Air is one step closer to becoming a reality
A render of the iPhone Air.

For months, rumors have indicated that Apple plans to remove the iPhone Plus from the 2025 iPhone 17 lineup, and replace it with an entirely new model that might be called the “iPhone 17 Air.” A new report suggests that this phone is now closer to becoming a reality.

According to Digitimes, the new phone has entered the initial stage of manufacturing, known as the new product introduction (NPI) phase. At this stage, Apple and its manufacturing partners finalize a blueprint for creating the phone. It's a significant step in the process.

Read more
Things still aren’t looking good for Apple’s iOS 19 update
iPhone 16 Pro Max in Desert Titanium.

The latest version of iOS 18.2 rolled out to (most) iPhone users yesterday, and it brought with it a slew of new features that fans have eagerly waited for. These include Visual Intelligence for iPhone 16, Genmoji, and Image Playground. However, this slower rollout of iOS 18 features is having an impact on development times for its next iteration, and that means iOS 19 might be delayed.

There have been whispers of delays before, so this doesn't come as a huge surprise — particularly when you think about how the production flow at Apple usually goes. In a Threads post, Bloomberg's Mark Gurman said: "I continue to hear that the gradual rollout of features across iOS 18 to iOS 18.4 is leading to delays of some features scheduled for iOS 19. That will lead to a long-term rollout of features next cycle as well. Engineers are stuck working on iOS 18 projects when they’d usually already be on to the following OS."

Read more
RCS messaging is now live in iOS 18.2 for Boost Mobile subscribers
RCS messaging on iOS 18.

This week, Apple released iOS 18.2. Though the update is mostly being advertised for its new Apple Intelligence features, it also includes another feature long promised for certain U.S. iPhone users.

With the iOS 18.2 update, Boost Mobile customers using iPhones can now use RCS (Rich Communication Services) as an alternative to SMS and MMS. A Reddit user (via Android Authority) was the first to discover the change. Apple teased RCS support last year before making an official announcement at this year's Worldwide Developers Conference (WWDC) in June.

Read more