Apple Confirms Major Chinese App Store Security Breach
On Sunday, Apple confirmed that its App Store has suffered its first major security breach. The breach saw nearly 40 apps, including some popular downloads like WeChat, infected with malware (called XcodeGhost) that could’ve gotten onto potentially hundreds of millions of iOS devices. As a result, the Cupertino-based company pulled the plug on 39 iOS applications that were affected.
The problem, according to U.S.-based security firm Palo Alto Networks, is the result of developers being tricked into downloading a compromised version of Apple’s Xcode developer toolkit.
Given Apple’s stringent app review policies, the breach is certainly surprising, but, as one Mac developer pointed out, the blame really falls on third-party developers in China who were looking for a quick workaround to get access to Apple’s Xcode software—China’s Great Firewall drastically slows download speeds off of Apple’s official website. To install the problematic Xcode software, those developers had to ignore warnings that the software was damaged.