AR15.COM
9/22/2015 5:00:23 PM EDT
...and so it begins.

Malware Alert! For iPhone and iPad Users
...malware called XcodeGhost into the Apple App Store.

ETA: More info. And some more info here.

air2
AmHexinForPad
Angry Birds 2
baba
BiaoQingBao
CamCard
CamScanner
CamScanner Lite
CamScanner Pro
Card Safe
China Unicom Mobile Office
CITIC Bank move card space
CSMBP-AppStore
CuteCUT
DataMonitor
Didi Chuxing
Eyes Wide
FlappyCircle
Flush
golfsense
Golfsensehd
Guitar Master
High German map
Himalayan
Hot stock market
IFlyTek input
IHexin
immtdchs
InstaFollower
iOBD2
iVMS-4500
Jane book
jin
Lazy weekend
Lifesmart
Mara Mara
Medicine to force
Mercury
Micro Channel
Microblogging camera
MobileTicket
MoreLikers2
MSL070
MSL108
Musical.ly
NetEase
nice dev
OPlayer
OPlayer Lite
PDFReader
PDFReader Free
Perfect365
Pocket billing
PocketScanner
Quick asked the doctor
Quick Save
QYER
Railway 12306
SaveSnap
SegmentFault
snapgrab copy
Stocks open class
SuperJewelsQuest2
The driver drops
The Kitchen
Three new board
Ting
Wallpapers10000
Watercress reading
WeChat
WeLoop
WhiteTile
WinZip
WinZip Sector
WinZip Standard

Posted from my compromised iPhone 6+.


«tc2k11»
9/22/2015 5:01:14 PM EDT
[#1]
Why in the hell would you use WinZip on your iPad?
9/22/2015 5:02:10 PM EDT
[#2]
unpossible.

Open your wallets and receive the blessing of our Almighty Father Jobs.

Apple is infallible.
Apple is good.
Its silver glow will shine upon and enlighten us.
Apple users are smarter, sexier, and all around better people.

Do not panic and buy more Apple shit.
9/22/2015 5:04:17 PM EDT
[#3]
Caused by Chinese developers downloading a compromised version of Xcode that was downloaded from a 3rd party site (something I remember hearing about a few months ago), and supposedly the infected apps are only on the Chinese app store, so not a problem for most of the people here.
9/22/2015 5:05:32 PM EDT
[#4]
Thanks, China!
9/22/2015 5:11:21 PM EDT
[#5]
9/22/2015 5:20:17 PM EDT
[#6]
The only one on that list I've ever owned is Angry Birds 2. I think the last time I downloaded it was two devices ago (4S).
9/22/2015 8:25:20 PM EDT
[#7]
Source?

I have to say that what I recall reading was that the issues were all in the China localized App Store.

Apple will squash this. Fast.

We do about a dozen iOS loads a day for folks with corrupted devices, all of whom attempted to download iOS 9 over wifi or the cell network.
9/22/2015 8:28:21 PM EDT
[#8]
Good thing I don't have any of those apps...
9/22/2015 8:36:49 PM EDT
[#9]
Crap!

I have one of these on my phone and iPad. Security DVR setup and viewing software that I use for work.

What do I do? (other than put my phone in the garbage disposal).
9/22/2015 8:41:18 PM EDT
[#10]
This is why you don't download software from shady sources. Apple's servers were not compromised in any way. Someone modified a pirated version of Xcode to inject malicious code into apps at compile time, that's how this happened.
9/22/2015 9:38:21 PM EDT
[#11]
Quoted:
Source?

I have to say that what I recall reading was that the issues were all in the China localized App Store.

Don't have a link, but it's a supposedly reliable source.

Any way to confirm that the English app store wasn't affected?

«tc2k11»
9/22/2015 9:39:21 PM EDT
[#12]
Quoted:
Crap!

I have one of these on my phone and iPad. Security DVR setup and viewing software that I use for work.

What do I do? (other than put my phone in the garbage disposal).

Delete the app(s), change any and all passwords you've ever entered into that phone?

«tc2k11»
9/22/2015 9:42:53 PM EDT
[#13]
Quoted:
This is why you don't download software from shady sources. Apple's servers were not compromised in any way. Someone modified a pirated version of Xcode to inject malicious code into apps at compile time, that's how this happened.

Apple's servers weren't compromised, but the developers and their apps (as listed) were compromised. I doubt Apple does a code audit of every app and app update that goes into the app store...

«tc2k11»
9/22/2015 9:53:59 PM EDT
[#14]
Sounds like most affected apps were those made by developers in China, which would include English versions of their apps.

http://researchcenter.paloaltonetworks.com/2015/09/more-details-on-the-xcodeghost-malware-and-affected-ios-apps/

«tc2k11»
9/22/2015 10:00:25 PM EDT
[#15]
Quoted:
Quoted:
This is why you don't download software from shady sources. Apple's servers were not compromised in any way. Someone modified a pirated version of Xcode to inject malicious code into apps at compile time, that's how this happened.

Apple's servers weren't compromised, but the developers and their apps (as listed) were compromised. I doubt Apple does a code audit of every app and app update that goes into the app store...

«tc2k11»


They do actually "review" all apps before approving them on the app store, but it's not publicly known what exactly their process is for auditing. All that we know is that it's far from infallible, since this is definitely not the first time hidden malicious code has made it past whatever safeguards they have. This time, though, even the developers of the apps didn't know it happened until it was too late. Attack vectors are always evolving and, as said above, it's extremely important not to trust shady sources for software. This all stemmed from the developers of all those apps using a pirated copy of Xcode from a file sharing site. What doesn't even really make sense is that Xcode is free, so why anyone would even bother to use some random third party mirror site instead of Apple's web page is beyond me.
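
Posts #10 and #15 trace the incident to a modified copy of Xcode obtained outside Apple's own channels. As an added example (not part of the thread), this shell script checks a local Xcode bundle with macOS Gatekeeper's `spctl --assess --verbose` and trusts it only when the verdict is "accepted" and the signing source is one Apple names in its Xcode validation guidance. The function names and sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether an Xcode bundle came from Apple, based on the
# text printed by `spctl --assess --verbose <path>`.

# Constructed sample outputs (not captured from a real machine).
SAMPLE_STORE='/Applications/Xcode.app: accepted
source=Mac App Store'
SAMPLE_REJECTED='/Applications/Xcode.app: rejected'
# Accepted by Gatekeeper, but signed by someone other than Apple:
SAMPLE_RESIGNED='/Applications/Xcode.app: accepted
source=Developer ID'

# Prints "trusted" only when the bundle was accepted AND the source is one
# Apple ships Xcode under; every other result prints "untrusted".
classify_assessment() {
    out=$1
    first=$(printf '%s\n' "$out" | sed -n '1p')
    case $first in
        *": accepted") ;;                      # verdict line: "<path>: accepted"
        *) echo untrusted; return 1 ;;
    esac
    src=$(printf '%s\n' "$out" | sed -n 's/^source=//p' | sed -n '1p')
    case $src in
        "Mac App Store"|"Apple"|"Apple System") echo trusted; return 0 ;;
        *) echo untrusted; return 1 ;;         # valid signature, wrong signer
    esac
}

# Run the real check on macOS; the default path is the usual install location.
check_xcode() {
    app=${1:-/Applications/Xcode.app}
    if ! command -v spctl >/dev/null 2>&1; then
        echo "spctl not found (not macOS?)" >&2
        return 2
    fi
    # Merge stdout and stderr so the verdict is captured from either stream.
    classify_assessment "$(spctl --assess --verbose "$app" 2>&1)"
}
```

On a Mac, `check_xcode` (optionally with a path to another Xcode bundle) prints the verdict; the re-signed sample shows why "accepted" alone is not enough.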