Apple Posts XcodeGhost Malware FAQ, Will Alert Users Who Installed Infected Apps
Apple has today outlined what the XcodeGhost compromising of some App Store apps actually means for users via its Chinese website, explaining what the malware is and the steps that the company is taking in order to minimize the risk and ensure its developers can be protected moving forward.
The XcodeGhost problem, coming after compromised versions of Xcode found their way into the development cycle of popular apps such as WeChat and Angry Birds 2, has left Apple with a number of App Store apps that could potentially be collecting data on its users. What started with a pool of 35 infected apps quickly grew to 85 or more. While Apple says that no information is available to suggest that “the malware has been used to do anything malicious or that this exploit would have delivered any personally identifiable information had it been used,”the company has removed any infected apps from the App Store while others have been updated with infection-free versions, meaning all apps currently available are safe to use.
Apple has also said that it will soon publish a list of the top 25 most popular apps that were affected by the XcodeGhost as well as contacting users who may have used an app that fell foul of the malware. From the XcodeGhost page on the company’s Chinese website:
Customers will be receiving more information letting them know if they’ve downloaded an app/apps that could have been compromised. Once a developer updates their app, that will fix the issue on the user’s device once they apply that update.
Apple has today been outlining the steps required in order for developers to validate the versions of Xcode that they are currently using in order to ensure that XcodeGhost cannot make a comeback.
With the iPhone 6s and iPhone 6s Plus set to go on sale this coming Friday, Apple won’t want the current App Store problems to detract from its biggest hardware release of the year.