The impact of iOS app developers unknowingly using a rogue version of the Xcode development tool is turning out to be greater than initially thought: early reports listed just 39 apps that had been trojanized with the tool, but security researchers have since identified thousands more.
On Friday, security research firm Palo Alto Networks reported that 39 apps found in the App Store had been compromised after their developers -- most of them located in China -- used a rogue version of Xcode that had been distributed on forums. Xcode is a development tool for iOS and OS X apps provided by Apple.
The malicious Xcode version, which has been dubbed XcodeGhost by security researchers, added hidden functionality to any application compiled with it. Those apps were then uploaded by unknowing developers to the official App Store, bypassing one of the main malware defenses of the iOS ecosystem.
On Tuesday, mobile security firm Appthority reported that it had found 476 apps infected by XcodeGhost among those used by its enterprise customers.
No comments:
Post a Comment