Unless you have been living under a rock for the past week, chances are good that you’ve heard about the XcodeGhost exploit that has reportedly ravaged many apps available through the Chinese App Store.
The exploit relates to a malicious version of Xcode, Apple’s integrated development environment (IDE), that some developers in China seemingly downloaded instead of obtaining a copy of the official version available on the Apple Developer Center.
The result is a sea of apps that have been injected with malicious code (or malware) and that sneaked their way past Apple’s app review process undetected. Now those apps are thought to be running on plenty of iOS devices out there … and it’s a problem. A big problem.
Perhaps the biggest that has hit the iTunes App Store since its launch back in 2008.
“As Palo Alto Networks explains, the standard Xcode installer is nearly 3GB, which means it could take even longer to download large files from Apple’s servers in other countries,” the report notes, as it highlights that, in response to this, “some Chinese developers [chose] to download the software from other sources or obtain copies from colleagues.”
Following security research outfit Palo Alto Networks’ discovery of the exploit last week, Apple has announced that it will soon host the official version of Xcode on Chinese servers.
“Apple’s developer software Xcode will soon be available to Chinese developers,” Mashable reports.
The report follows Apple’s recent publication of a new XcodeGhost FAQ on the Chinese version of Apple.com, in which it names the Top 25 apps that it says have been most affected by the exploit.