Apple Posts ‘Top 25’ List Of iOS Apps Sullied By XcodeGhost Malware
They include WeChat (v6.2.6), DiDi Taxi (v4.1.0), 58 Classified - Job, Used Cars, Rent (v6.2.2), Google Map - Driving and Public Transportation (v7.5.0), Railroad 12306 (v2.11), Flush (v9.62.01), China Unicorn Customer Service (v3.3), CarrotFantasy 2: Daily Battle (v1.7.1), Miraculous Warmth (v1.5.0), Call Me MT2 - Multi-server version (v2.0.6), Angry Bird 2 - Tifeng Li's Favorite (v2.2.1), Baidu Music (v5.2.10), DuoDuo Ringtone (v1.4.0), Netease Music (v3.0.0), Foreign Harbor (v2.5.1), Battle of Freedom (v1.1.0), One Piece (v2.8.1), Let's Cook (v4.4.0), Heroes of Order & Chaos (v2.2.1), Dark Dawn - Under the Icing City (v1.6.1), I Like Being with You (v1.1.7), Himalaya FM (v4.3.20), CarrotFantasy (v1.8.0), Flush HD (v4.84.01), and Encounter (v2.5.2).
As you can see, we're not talking about blockbuster apps here, not unless you consider CarrotFantasy and I Like Being with You the best that iOS has to offer. However, it should be mentioned that the above list is not a complete one.
What happened here is that some developers went in search of Apple's free Xcode coding software on alternate websites in an effort to obtain faster downloads. At least one of those sites hosted a malicious version of Xcode dubbed XcodeGhost.
"Apple incorporates technologies like Gatekeeper expressly to prevent non-App Store and/or unsigned versions of programs, including Xcode, from being installed. Those protections had to have been deliberately disabled by the developer for something like XcodeGhost to successfully install," Apple said.
In other words, the responsibility here falls squarely on developers, though Apple did concede that it needs to work on making its tools available at faster download speeds.
If you have one of the above apps, you should update it immediately.