Apple to Alert Users Who Installed Apps Compromised by XcodeGhost

Discussion in 'MacRumors.com News Discussion' started by MacRumors, Sep 22, 2015.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    Apple has added an XcodeGhost question and answer page to its Chinese website today that explains what the malware is, how some users may be affected and next steps the company is taking to ensure that developers and end users alike are protected against malicious software going forward.

    Apple claims that it has no evidence to suggest that XcodeGhost has been used for anything malicious, such as the transmission of personally identifiable information, stipulating that the code is only able to deliver some general information about apps and system information.

    Nevertheless, Apple says it is working closely with developers and will soon list the top 25 most popular apps impacted by XcodeGhost on its Chinese website. The company will also be alerting users to let them know if they have downloaded apps that could have been compromised. Many affected apps have since been updated and are no longer infected by XcodeGhost.

    Relevant portions of the Apple FAQ for users:
    iPhone, iPad and iPod touch users should also read our XcodeGhost FAQ to learn more about the malware and how to keep yourself protected.

    Apple also outlined steps for developers to validate Xcode using Terminal on OS X.

    Article Link: Apple to Alert Users Who Installed Apps Compromised by XcodeGhost
     
  2. JonneyGee macrumors 6502

    JonneyGee

    Joined:
    Jun 8, 2011
    Location:
    Nashville, TN
    #2
    Apple should have caught the infected apps before approving them, but perhaps the main lesson to be learned here is to take great caution when downloading an app from a third-party server. In particular, download Apple apps from Apple only. This was easily avoidable and unwise developers created a huge mess.
     
  3. Michaelgtrusa macrumors 604

    Joined:
    Oct 13, 2008
  4. garylapointe macrumors 68000

    garylapointe

    Joined:
    Feb 19, 2006
    Location:
    Dearborn (Detroit), MI, USA
    #4
    Yeah! I just asked that in the other thread...

    Gary
     
  5. garylapointe macrumors 68000

    garylapointe

    Joined:
    Feb 19, 2006
    Location:
    Dearborn (Detroit), MI, USA
    #5
    Sounds like it's being handled...

    They are letting people know they are on the list, what would you have them do?

    Gary
     
  6. garirry macrumors 68000

    garirry

    Joined:
    Apr 27, 2013
    Location:
    Canada is my city
    #6
    I think the best thing they can do for now is suspend all apps that are infected/could be infected by the virus and possibly send an update to patch the malware as soon as possible.
     
  7. mw360, Sep 22, 2015
    Last edited: Sep 22, 2015

    mw360 macrumors 68000

    mw360

    Joined:
    Aug 15, 2010
    #7
    How could apple have caught these apps? It's not like they simply failed to run a virus scan. The infection was completely unknown and doesn't do anything particularly dramatic to trigger alarm bells. There's virtually nothing to detect other than some fairly routine device polling.

    Apps removed, users informed personally, C&C server taken down, devs notified. What's left for Apple to do, run around with their pants on their heads?
     
  8. macduke macrumors G4

    macduke

    Joined:
    Jun 27, 2007
    Location:
    Central U.S.
    #8
    Wasn't Angry Birds 2 on the list? If it was infected, I'm pretty sure Apple is going to have to do something beyond posting something to their Chinese website. My sister had CamScanner installed which lets you take images of documents and turn them into PDFs. I also had Mercury Browser installed, although I think there has been some confusion as to whether or not that was the app that was affected.

    Isn't Apple supposed to have a kill switch for these situations? Seems like it would be a good time to pull that lever.
     
  9. btrach144 macrumors 68000

    btrach144

    Joined:
    Aug 28, 2015
    #9
    Can we please get a reply as to what the malicious code was doing? Was it doing nothing? Was it sending banking IDs and passwords? Either this is a big deal or it's an annoyance. It all depends on what the malicious code was doing...
     
  10. mw360 macrumors 68000

    mw360

    Joined:
    Aug 15, 2010
    #10
    As far as I know, based on reading the links and articles posted here, the malware was trapped in Apple's standard sandbox. It couldn't get any sensitive information, only information about the device itself. It had code which could have been activated to throw up fake prompts (for phishing passwords) but presumably only when the affected app was running in the foreground. It could also grab the contents of the clipboard, which may have included passwords from those people who copy&paste passwords between apps, or other sensitive information, but it would have been without any context at all, so even if it had ever been activated, the deluge of random anonymous clipboards from 100 million users would probably be of very little value.
     
  11. arn macrumors god

    arn

    Staff Member

    Joined:
    Apr 9, 2001
    #11
    Apple's FAQ suggests it didn't do much. https://www.apple.com/cn/xcodeghost/#english
     
  12. Analog Kid macrumors 601

    Analog Kid

    Joined:
    Mar 4, 2003
    #12
    Why only the top N apps infected?! Shouldn't they list and take down all the apps infected? I don't think there's any reason to protect the developers here-- they made a grave error and should be accountable to it.

    Why are they only sharing this information in China-- some of those apps are used globally.

    Why did this take so long to provoke a reaction? When this report first came out 6 days ago, Apple should have sounded an internal alarm and gotten information within hours that would lead to action the same day.

    I get that this isn't the end of the world, it's most likely a minor trojan that was most likely thwarted by Apple's security design. Still, it shouldn't be taken this casually. I don't care if the big picture impact is minimal-- we rely on App Store review to protect us from this nonsense, and it was circumvented because someone created a rogue version of an Apple branded product. I'd feel much more comfortable if Apple had moved on this more aggressively.
     
  13. SteveW928 macrumors 68000

    SteveW928

    Joined:
    May 28, 2010
    Location:
    Victoria, B.C. Canada
    #13
    I think the 'downplaying' might be in response to what it possibly could have done in some situations.

    As you (I think) posted in another thread yesterday, Apple has been almost training users for phishing attacks by popping up Apple ID/iCloud logins all over the place. So, if someone were running one of these apps, and a dialog popped up, people might well have entered it (ex: run a game, dialog pops up, user thinks Apple wants them to login for Game Center), and now the hackers have their Apple ID.

    If that's possible, that's kind of a big deal, as it's actually fairly likely to have happened.

    Maybe Apple isn't aware of such an instance, so saying we're not aware of an attack is technically accurate... but if I'm speculating about the above, they certainly know about it.
     
  14. nutjob macrumors 6502a

    Joined:
    Feb 7, 2010
    #14
    Apple really didn't think their security through.
     
  15. mw360 macrumors 68000

    mw360

    Joined:
    Aug 15, 2010
    #15
    Yeah, but I don't think Apple are going to publicly speculate on how bad it could have been. Hopefully they know and are going to do something about it. In-App-Phishing is now a (kind-of) reality. They do need to take a good look at how they've been handling passwords because (like most companies actually) they've let engineers run with it, and have neglected the human factors.
     
  16. SteveW928 macrumors 68000

    SteveW928

    Joined:
    May 28, 2010
    Location:
    Victoria, B.C. Canada
    #16
    I somewhat agree... they've been fairly reactive in many cases, though I'm sure they do employ people to try and be preemptive. But, the reason I say I somewhat agree is with simple things like mentioned above. If one ONLY put in their password on the actual Apple ID settings on the settings page, that would make things WAY more secure. Even I (and I'm fairly security conscious) have wondered at times about all the popups wanting my Apple ID over and over again for this and that.

    But, there are other things, like for example, Apple (and other apps) sending all kinds of connection data across WiFi before it is even possible to turn on a VPN service. That's just stupid, and it's been like that across 8 versions of the OS and many years, and I presume probably similar in iOS 9.
     
  17. Analog Kid, Sep 22, 2015
    Last edited: Sep 22, 2015

    Analog Kid macrumors 601

    Analog Kid

    Joined:
    Mar 4, 2003
    #17
    I think it may also be because this is only one instance of a class of attacks. Someone found this one because of the network traffic it generated, but Apple clearly can't tell when a rogue compiler has been used. Downplaying it may be in hopes that people think this is contained and don't ask the question they can't answer: "Are there other compromised Xcode packages out there?"

    I really don't like that Apple takes the tone of "sometimes people do this":
    They should take the attitude of "developers should never do this", but then the question is "if it's so dangerous, why aren't you taking measures to detect it?"

    Whatever their external stance, I really hope they're scrambling internally to patch this hole more securely.
     
  18. SteveW928 macrumors 68000

    SteveW928

    Joined:
    May 28, 2010
    Location:
    Victoria, B.C. Canada
    #18
    Yea, it's the typical (for just about any company these days) put on the best PR face and hope approach.
     
  19. btrach144 macrumors 68000

    btrach144

    Joined:
    Aug 28, 2015
    #19
    Of course Apple will downplay the extent of this issue. People should be demanding a 3rd party security audit.

    Not to say you didn't try to answer my question, just simply stating Apple should be doing more in a security scenario.
     
  20. Analog Kid macrumors 601

    Analog Kid

    Joined:
    Mar 4, 2003
    #20
    I think that's a bit unfair. Apple software is remarkably secure, and they do take a lot of proactive steps to keep it that way. Sandboxing, code signing, GateKeeper, App Store approvals, etc. all get a lot of resistance when they come out, but have had a positive effect on security.

    What bothers me a little bit is that they really don't respond quickly to outside reports of vulnerabilities until they threaten bad press. I almost think they think security through very carefully, and have many very competent people focused on the problem, but suffer from some arrogance induced blindness.
     
  21. SteveW928 macrumors 68000

    SteveW928

    Joined:
    May 28, 2010
    Location:
    Victoria, B.C. Canada
    #21
    Unfortunately, it's just kind of PR 101 in 2015... that's not to say it's right though, or even a good strategy.
     
  22. SteveW928 macrumors 68000

    SteveW928

    Joined:
    May 28, 2010
    Location:
    Victoria, B.C. Canada
    #22
    It's probably more a departmental matter. Engineering, PR, Marketing, Customer Response, etc. are all likely now different departments with their own budgets to worry about and separate policies, etc. unless they hear otherwise from above.
     
  23. calzon65 macrumors 6502a

    calzon65

    Joined:
    Jul 16, 2008
    #23
    I love my iPhone and iPad and acknowledge that Apple ushered in the age of touch smart phones (sans those horrible little keyboards ... sorry Blackberry users), but I have always hated Apple's arrogant attitude. Go into an Apple store and the Kool-Aid drinking kids who work there just love to gush about Microsoft's horrible products that are all susceptible to virus and other attacks ... they end with heaping praise on Apple products that are allegedly invulnerable and that Apple "protects" its customers. Well I guess this time Apple failed to protect us. Sadly I have a feeling the larger Apple gets, the more products/services they offer, the more distracted their leadership will become.
     
  24. scottishwildcat macrumors regular

    Joined:
    Oct 24, 2007
    #24

    Yes, but only the version on the Chinese app store.
     
  25. SteveW928 macrumors 68000

    SteveW928

    Joined:
    May 28, 2010
    Location:
    Victoria, B.C. Canada
    #25
    To their credit.... there is a *MASSIVE* difference between the two platforms... which IMO still exists today in that regard (though it is changing).

    But, to take your point, yes, Apple is going to have to step up their game on that front, for sure. And they should never have portrayed the idea that if you're on Apple you don't have anything to worry about (if that is indeed what they portrayed).

    That said, I can't think of any people I know who run Windows (aside from a few forum geeks to make the claim) who haven't been impacted in some way by such attacks and/or don't run some kind of virus-detection software which usually does as much harm as good. At the same time, I don't know any Apple users who've been attacked, nor do I know any who run such software. (And, I work in tech, so talk to lots of people about such things.)
     
