While the rest of us were soaking up the last of the season’s sunshine, Apple researchers spent the weekend removing hundreds of malicious apps for iPhone and iPad from the iOS App Store.
“The recent exploit on Apple has shown us that even Apple’s system can be compromised quite easily,” said Avast security researcher Filip Chytry. “While this time nothing significant happened, it is a reminder that having everything under an Apple system could potentially make a system vulnerable.”
The malware seems to have been focused on Chinese users. Chinese media reported more than 300 apps including the popular instant messaging service WeChat, Uber-like taxi hailing program Didi Kuaidi, banks, airlines, and a popular music service were infected.
The malicious software programs got by Apple’s strict review process in an ingenious way. Hackers targeted legitimate app developers by uploading a fake version of Xcode, Apple’s development software used to create apps for iOS and OS X, to a Chinese server. It’s a large file, and reportedly quite slow to download from Apple’s U.S. servers, so to save time, unwitting Chinese developers bypassed the U.S. server and got their development tools from the faster Chinese server. Once their apps were completed, the malicious code traveled Trojan-horse style to the App Store.
“If hackers are able to exploit one entry point, they are able to attack all of the other iOS devices – and the fact that Apple doesn’t have a big variety of products makes it easier,” said Chytry.
Apps built using the counterfeit tool could allow the attackers to steal personal data, but there have been no reports of data theft from this attack.
“Regarding this specific vulnerability, consumers shouldn’t worry too much, as sandboxing is a regular part of the iOS system,” said Chytry.
A sandbox is a set of fine-grained controls that limit the app’s access to files, preferences, network resources, hardware, etc.
“As part of the sandboxing process, the system installs each app in its own sandbox directory, which acts as the home for the app and its data. So malware authors cannot easily access sensitive data within other apps,” said Chytry.
In a statement Apple said, “To protect our customers, we’ve removed the apps from the App Store that we know have been created with this counterfeit software and we are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”