New Xcode vulnerability found in iOS apps

It has been reported that many of China’s favorite, most popular applications for the Apple iOS platform are infected with malware. A study conducted by Apple revealed that roughly 36 applications on Apple’s store were found to be compromised during an uncharacteristic breach of the tech giant’s security. An Xcode vulnerability in the core development packages used by app creators was found to be the root cause.

Xcode Exploitation

The infected applications took advantage of an Xcode vulnerability, which allowed users of unauthorized versions of Apple’s developer toolkit to hijack popular applications.

In a statement on Sunday, Apple declared “To protect our customers, we’ve removed the apps from the App Store that we know have been created with this counterfeit software and we are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps”.

Compromised Development Packages

A further statement was made by Palo Alto Network Inc., a cyber-security firm in the U.S., explaining “In China, and in other places around the world, sometimes network speeds are very slow when downloading large files from Apple’s servers.

As the standard Xcode installer is nearly three gigabytes, some Chinese developers choose to download the package from other sources.” Xcode is an integral part of iOS app design, and has most likely been used by almost all iOS apps, although only the thirty six apps before mentioned were found to be hiding malicious software.


WeChat Infected

Whilst the exact details of all the infected applications is not known, it has been declared that WeChat, a transit app by Didi Kuaidi and a music application from NetEase Inc. were compromised.

An application such as WeChat has over 500 million users, one can only but wonder at the implications of such an app leaving such a vast amount of users vulnerable.

Apple have been quick to address the issue and manufacturers of infected applications are taking steps to ensure that their software is free from exploits and vulnerabilities.