Apple admitted Monday that a malicious program (malware) invaded hundreds of applications in China, just as he was preparing to launch a new generation of iPhone.
The US company said it had removed his tent App Store online contaminated numerous applications, days after security experts warned infiltration.
In China, more than 300 applications, including social networking WeChat which has 500 million users in the country and Didi Kualdi to reserve taxi, were invaded by malware “XcodeGhost”. This program can be made of data users, according to Chinese state media.
The report was a blow to the US corporation in China which has the second largest world market.
Apple told AFP that already eliminated those applications of their online stores.
“To protect our customers eliminate App Store these applications, which we were created with a counterfeit program and now work with developers to ensure they use the appropriate version of Xcode to rebuild these applications, “the company said.
Apple’s reaction comes days after the US cyber security company Palo Alto Networks discovered the maneuver.
According to the company the malicious program was uploaded to the cloud Baidu files used by Chinese application developers.
The anti-censorship organization Greatfire.org, which tracks restrictions China LAN, considered the attack as “the most widespread and significant spread of malware in the history of the Apple store anywhere in the world.”
Apple, which reviews and approves each application offers his shop, has usually been free from such attacks, analysts said.
But “there is no perfect system,” said Alan Cockerill of security firm Lookout.
“While Apple traditionally does an excellent job to prevent access to its App Store malware, malicious actors are always looking for new ways to break, “Cockerill wrote in his blog.
” XcodeGhost unfortunately shows that when there is a will , it finds a way, “he added. “This malware can you have hundreds of millions of victims,” he estimated.
Johannes Ullrich, the SANS Institute Technology noted that “the real problem is that the malware fielded systems access to App Store” .
“Apparently there is a lot of trust between Apple and many of these developers of large applications like WeChat and then applications are not as thoroughly revised as with coming from unknown companies,” Ullrich said.
Once installed, the program allows a third party to access private information in an Apple device.
The program can create a false alert box to be key user or divert a browser to a fake website. You can also read and write user folders and can use that to get keys, according to the firm Palo Alto.
Apparently so far only have been attacked Chinese applications but several of them, including WeChat, they are also used outside China.
The Chinese applications are considered vulnerable because developers often bypassing official Apple systems, which are safer but can be enlentecidos by Chinese agencies monitoring the web.
The company Tencent, which develops the program WeChat admitted failure that affected users of Apple iOS operating system and repaired it said.
“There has been no theft or leakage” information or money from users, the company said.
Also responsible for the implementation of kuaidi Didi taxi service, which claims to have 200 million users, they admitted the invasion and also said there was no damage .
After an upgrade, the program “is no longer a threat,” said the company.
No comments:
Post a Comment