XCodeGhost | Breaking Cybersecurity News | The Hacker News

Do you know?… Any iOS app downloaded from Apple's official App Store has an ability to update itself from any 3rd-party server automatically without your knowledge. Yes, it is possible, and you could end up downloading malware on your iPhone or iPad. Unlike Google, Apple has made remarkable efforts to create and maintain a healthy and clean ecosystem of its official App Store. Although Apple's review process and standards for security and integrity are intended to protect iOS users, developers found the process time consuming and extremely frustrating while issuing a patch for a severe bug or security flaw impacting existing app users. To overcome this problem, Apple designed a set of solutions to make it easier for iOS app developers to push straightway out hotfixes and updates to app users without going through Apple's review process. Sounds great, but here's the Kick: Malicious app developers can abuse These solutions, potentially allowing th...

Apple is cleaning up its iTunes App Store again – for the third time in two months – following another flood of iOS apps that secretly collect users' personal information. Researchers discovered more than 250 iOS apps that were violating Apple's App Store privacy policy , gathering personal identifiable data from almost one Million users estimated to have downloaded those offending apps. The offending iOS applications have been pulled out of the App Store after an analytics service SourceDNA reported the issue. After XcodeGhost , this is the second time when Apple is cleaning its App Store. Malicious iOS Apps Stealing Users' Private Info The malicious applications were developed using a third-party software development kit (SDK) provided by Youmi, a Chinese advertising company. Once compiled and distributed on Apple's official App Store, those apps secretly accessed and stored users' personal information, including: A list of apps installed on the victim's phone Serial nu...

CrowdStrike is named a Leader in the 2024 Gartner® Magic Quadrant™ for Endpoint Protection Platforms for the fifth consecutive time, positioned highest on Ability to Execute and furthest to the right on Completeness of Vision.

Recently, Chinese iOS developers have discovered a new OS X and iOS malware dubbed XcodeGhost that has appeared in malicious versions of Xcode, Apple's official toolkit for developing iOS and OS X apps. The hack of Apple's Xcode involves infecting the compiler with malware and then passing that malware onto the compiled software. This is a unique approach because the hack does not attempt to inject attack code into a single app, and then try and sneak that past Apple's automated and human reviewers. Instead, the malicious code is infected on Xcode itself, which is used by software developers to craft and develop the apps for iOS and OS X operating system. The primary behavior of XcodeGhost in infected iOS apps is to collect information on devices and upload that data to command and control (C2) servers. Once the malware has established a foothold on infected devices, it has the ability to phish user credentials via fake warning boxes, open specific URLs in a ...