A Q&A posted by the Cupertino company on Tuesday aimed to ease the concerns of iPhone and iPad users who fear they may be using infected apps built with a modified version of Xcode, Apple’s app-building tool. The incident, which first hit the headlines over the weekend, is believed to be the most serious security breach in the App Store’s seven-year history.
Initial reports suggested around 40 apps were carrying the malware – among them Chinese messaging app WeChat and China-based Uber competitor Didi Kuaidi – though other reports have suggested a far higher number.
Apple responds
Responding to the issue in the Q&A, Apple said it’d removed infected apps that it’s aware of from its iOS App Store and is now blocking submissions of new apps that contain the malware.
“We’re working closely with developers to get impacted apps back on the App Store as quickly as possible for customers to enjoy,” the tech giant said, at the same time promising to release a list of the top 25 most popular apps impacted by the malware “so users can easily verify if they have downloaded the latest versions of these apps.”
The company confirmed it’ll be contacting customers who downloaded an app/apps that could have been compromised, adding, “Once a developer updates their app, that will fix the issue on the user’s device once they apply that update.”
Developers who created the malware-ridden software did so without realizing. Their mistake was to grab Xcode from a third-party site instead of from Apple’s own, as the version they downloaded had been altered to ensure apps created with the tool would incorporate the malicious software.
Some developers, mostly based in China, are known to head to third-party sites for the tool because they offer a faster download time. Apple is urging developers to stick with its own site for the tool, and is also promising to work on speeding up download times.
Security firm Palo Alto Networks (PAN) said the malware potentially impacts “hundreds of millions of users,” and described the malicious software as “a very harmful and dangerous malware that has bypassed Apple’s code review and made unprecedented attacks on the iOS ecosystem.”
