WASHINGTON. Apple admitted Monday that a malicious program (malware) invaded hundreds of applications in China, just as he was preparing to launch a new generation of iPhone.
The US company said it had removed from its online store App Store contaminated numerous applications, days after security experts warned infiltration.
In China, more than 300 applications, including network social WeChat which has 500 million users in the country and Didi Kualdi to reserve taxi, were invaded by malware “XcodeGhost”. This program can be made of data users, according to Chinese state media.
The report was a blow to the US corporation in China which has the second largest market. Apple told AFP that already eliminated those applications of their online stores.
“To protect our customers eliminate App Store these applications, which we were created with a counterfeit program and now work with developers to ensure they use the appropriate version of Xcode to rebuild these applications, “the company said.
Apple’s reaction comes days after the US cyber security company Palo Alto Networks discovered the maneuver.
> According to the company the malicious program was uploaded to the cloud Baidu files used by Chinese application developers.
The anti-censorship organization Greatfire.org, which tracks Internet restrictions in China, considered the attack “the most widespread and significant spread of malware in the history of the Apple store anywhere in the world.”
Apple, which reviews and approves each application that offers in his shop, has usually been free from such attacks, analysts said.
But “there are no perfect systems,” said Alan Cockerill of security firm Lookout. “While Apple traditionally does an excellent job to prevent access to its App Store malware, malicious actors are always looking for new ways to break,” Cockerill wrote in his blog.
“unfortunately shows that when XcodeGhost there is no will, is the way, “he added. “This malicious program may have hundreds of millions of victims,” he estimated.
Fallas in reviews of Apple. Johannes Ullrich, SANS Technology Institute said that “the real problem is that the malware fielded systems access to App Store”.
“Apparently there is a lot of trust between Apple and many of these developers of large applications like WeChat and then applications are not as thoroughly revised as with coming from unknown companies, “Ullrich said.
Once installed, the program allows a third access private information in an Apple device.
The program can create a false alert box to be key user or divert a browser to a fake website.
You can also read and write user folders and can use that to get keys, according to the firm Palo Alto.
Apparently so far only have been attacked Chinese applications but several of them, including WeChat are also used outside China.
The Chinese applications are considered vulnerable because developers often bypassing official Apple systems, which are safer but can be enlentecidos by Chinese agencies monitoring the web.
The company Tencent, which develops the program WeChat admitted failure that affected users of Apple iOS operating system and repaired it said.
“There has been stolen or leaks “of information or money from users, the company said. Also responsible for the implementation of kuaidi Didi taxi service, which claims to have 200 million users, admitted the invasion and also said there was no damage. After an upgrade, the program “is no longer a threat,” said the company.
No comments:
Post a Comment