Home Apple

Rotten to the Core – Thousands of Apps in Apple’s Store Infected

A multitude of apps in Apple’s Chinese App Store contained a form of malware that recently bypassed Apple’s code screening process. Researchers at FireEye have found approximately 4,000 apps to be infected with the XcodeGhost malware, affecting hundreds of millions iOS users worldwide. Once downloaded, these malicious applications have the potential to obtain and utilize device and user information, though Apple has saidthey’ve found nothing to suggest any malicious activity as of yet.

Xcode is an integrated development environment (IDE) which contains a suite of software development tools generated by Apple for the development of software for OS X and platforms. XcodeGhost is the malware found in unofficial versions of Xcode downloaded by Chinese rottenappledevelopers. It has the capability to modify Xcode and infects iOS applications. WeChat and Angry Birds 2 are just a couple of examples of popular infected applications that are now being updated in the App Store with malware free versions, while many other iOS applications identified as being infected with XcodeGhost are temporarily unavailable. In conjunction with this, Apple has sent email notifications to affected developers, thus instructing them to recompile their products by official Xcode, and to re-submit accordingly in order to prevent future breaches. Is it too late however? Has the damage been done?

Some are labelling this incident as a “first of its kind security breach” exposing a vulnerability and security gap in Apple’s mobile platform, which was once conceptualized as being the most secure of its kind. It is important to note that there was a failure to identify this malware prior to it infiltrating Apple and its users. How did this happen and how may this have been prevented? With modern day tools and technologies in place to protect against such occurrences, how will organizations such as Apple move forward in addressing this security gap?

What one can deduce from this incident is that, contrary to popular belief, Apple is not in fact more safe and secure than PC/Android. Does this incident mean reduced credibility and competitive advantage for Apple within the market? I suppose that is something yet to be determined. What we do know for certain, however, is that there is a security gap which is very much in existence today. Users, unfortunately, are not as aware as they should be when downloading files and applications, especially when the applications in question are being hosted by a “trustworthy” source such as the App Store.

How to survive Apple’s big day.

 If you’re like me, you are at best mildly curious to see what Apple unveils in Flint, MI, tomorrow.  At worst, you’re dreading the onslaught of Apple news, commentary, and reactions.  If the rumours about the iWatch and iPhone 6 are true, tomorrow could be the most annoying launch day in Apple’s history. 
It won’t be easy, but it is possible to get through tomorrow without being bombarded.
  • Don’t turn on the TV.  There will be speculation about what will be revealed, what effect it will have and why we should care.  I can assure you that it won’t be all that interesting.
  • Do not turn on your radio on the way to work.  If you still listen to traditional radio in your car, now might be a good time to look into streaming services, satellite radio, mix tapes, audio books, meditation, anything.
  • When you get to work, avoid anyone wearing an Apple shirt.  Just skirt around them a la  Office Space.  If they’ve chosen today to show their undying support for a brand, you don’t want to talk to them.  Trust me.
  • Turn off all updates on your phone.  Twitter, LinkedIn, Instagram, vine, Facebook, flipboard, all of them  Do the same on your computer. Uninstall your browsers if need be. Filter all emails with Apple in the subject line to your junk mail.  You may not think that certain feeds will be filled with Apple gushing, but you’ll be wrong.

At some point during the day, someone will probably want to talk to you about an iSomething.  I have two surefire strategies for this scenario.  For the more casual conversation partner, I suggest a quick change of topics.  Ignore the question completely and ask them about something else they care about.  How’s your kid doing in softball this year? or You look great, are you exercising?  The key here is to sound really excited to talk to them.  I’ll leave it to you to decide whether hearing about little Billy’s last home run is better than hearing about how “revolutionary”, “game changing”, or “disruptive” the iWatch will be.

If they have the glazed eyes and sweaty palms of a rabid fan boy, they will need something a little more…jarring.  If you can feign a good cry, do it now.  Clutch your mouth and start sobbing. Maintain eye contact for a few seconds before running away while flailing your arms.  If you can’t cry on demand, I’d substitute an urgent bathroom trip. Key here is a sudden look of surprise mixed with sheer terror.  Exit the area immediately with one hand on your stomach and the other on the seat of your pants.
If you can make it through the work day, you should be home free.  Just remember to stay away from any sort of live news or comments.  It’s not easy, but it can be done.  Things should be back to normal in a couple of days.  Of course, it may just be easier to call in sick and cocoon yourself in bed until the hysteria subsides.  Good luck.

Photos courtesy of theapplecollection.com