The App Store Has Been Hacked!


App_Store_hackedThe Apple community has long bragged about how it is seemingly immune to hackers. Not so anymore. Hundreds of apps are plagued with a serious security flaw. The hackers duped Chinese developers into using a counterfeit version of Xcode, Apple’s official development tool.

WeChat, a messaging and calling app with 600 million users, was one of the hacked apps along with the file-compression app, WinZip. It is estimated that hundreds of apps have been infected. While the vast majority of the apps are in China’s App Store, some, such as the business card scanner CamCard and Angry Birds 2, are available outside of China.

Dubbed XcodeGhost, the malware can steal passwords by prompting you for your iCloud credentials. Also, the apps have access to anything from your clipboard such as passwords that you copy and paste from a password app, such as 1Password or SplashID.

Apple has pulled hundreds of apps from the App Store but has yet to publish a list of affected apps. Several sites, such as Cult of Mac, have provided a list of apps that are known to be affected. If one of your apps is on the list, you should delete it and reinstall it.

So how does this happen? Apple is known for putting apps through their paces before approving them to be sold on the App Store. Obviously, there was  a significant breakdown somewhere along the line. While there have been instances of a nefarious app or two getting into the App Store, the volume of this hack is unprecedented.

 

About the Author

Judy Novotny

Judy is a computer veteran with 30 years of experience. She has owned everything from a TRS-80, Apple IIe and various Windows-based PCs. She is currently living in her Apple ecosystem at home consisting of an iPhone, iPad, iMac, MacBook, Apple TV, iPod nano and two Time Capsules. She is a fan of all things mobile since she got her first Palm Pilot in 1999. Check out her iPad app, Number Wizard, in the App Store. Follow her on Twitter @junovotech or at Junovo.com.

There are no comments

Your email address will not be published. Required fields are marked *