Last week we reported that Apple’s Chinese iOS App store had been hacked and millions of Chinese users may be affected. The hack involved the distribution of a tainted XCode .dmg file to developers of many iOS apps. XCode is the foundation on which developers build their iOS apps and apparently someone was able to inject malware into XCode which then injected it into the app itself. Since then the hack has been dubbed XCodeGhost.
Apple is cleaning up the affected apps and working with developers to get them the proper XCode .dmg file so this doesn’t happen to them again. The reason developers were downloading the infected version of XCode is because the download was faster from an unknown Chinese server than from Apple’s. But now that we know XCode has been compromised and there are tainted versions this means the Chinese App store may not be the only affected store.
That same download of XCode is available to developers around the world including the US so the question remains if other developers used it. If that’s the case then many more apps and users may be affected. This is already a very significant security breach for Apple and adding more countries into the mix will only compound that. Apple isn’t saying if other countries App stores are affected, they only say “the Chinese App store appears to be the only one affected”.
Apple’s reputation for secure operating systems is at risk here and this goes to prove that they are not bulletproof. As this story develops we will keep an eye on it and report back if any further developments arise. Right now we can only assume that everyone could be at risk with this hack and we now know Apple’s perceived security dominance is less than stellar.Source: Reuters