Over the weekend, the compromise known as XcodeGhost became a hot topic, and, as it should be, that continues to be the case leading into a new week.
The malware was discovered two days ago, and has since become a major focal point not just for security purposes, but iOS in general. The list of apps that are infected is quite long, including popular names like WeChat and more, and Apple was forced to remove them from the App Store on September 21. Most recently, Apple told developers how to check if their apps were infected by XcodeGhost, and Apple’s Phil Schiller explained that Apple is taking big steps to make sure this type of attack doesn’t happen again.
Now, Apple has added a question and answer form on its Chinese website, which is meant to explain what the XcodeGhost malware is, how iOS users can be affected by it, and what the next steps are moving forward. The steps outlined indicate what Apple is doing to protect not only the end user, but also developers.
Right now, Apple says that it has no identifiable evidence that XcodeGhost has been used for anything malicious up until now, but obviously the fear is that it could be used to transfer sensitive information about users. Instead, it would appear that it’s only able to deliver general information, including app information.
Apple will also be letting users know if they have downloaded an app or apps that have been compromised by XcodeGhost:
“Customers will be receiving more information letting them know if they’ve downloaded an app / apps that could have been compromised. Once a developer updates their app, that will fix the issue on the user’s device once they apply that update.”
As a general precaution, Apple says that if any of the infected apps have been installed, an iOS user should reset their iCloud and account passwords.
No comments:
Post a Comment