Pages: [1]   Go Down
  Print  
Author Topic: XCodeGhost malware: What you need to know  (Read 788 times)
HCK
Global Moderator
Hero Member
*****
Posts: 79425



« on: September 20, 2015, 03:00:20 pm »

XCodeGhost malware: What you need to know

<div class="field field-name-body field-type-text-with-summary field-label-hidden"><div class="field-items"><div class="field-item even" property="content:encoded"><p><a href='http://www.imore.com/xcodeghost-malware-what-you-need-know' title="XCodeGhost malware: What you need to know"><img src='http://www.imore.com/sites/imore.com/files/styles/large_wm_blw/public/field/image/2015/02/xcode-mac-menu-hero.jpg?itok=eJsrL_KH' />[/url]</p> <p class="intro">Infecting the apps that make the apps.</p> <p>Xcode, Apple's integrated development environment for making OS X and iOS apps, is 3.59 GB download. Because that download can take a long time in countries like China, some developers ihave been searching for it on other, non-Apple sites. The versions of Xcode they find, of course, have been infected with malware and compile apps that are just as infected. Researchers at Palo Alto Networks have dubbed this infected compiler and the resulting malware XcodeGhost. <!--break--></p>
<p>XcodeGhost's primary behavior in infected iOS apps is to collect information on the devices and upload that data to command and control (C2) servers. The malware has exposed a very interesting attack vector, targeting the compilers used to create legitimate Apps. This technique could also be adopted to attack enterprise iOS apps or OS X apps in much more dangerous ways.</p>
<p>Apple will no doubt continue to harden Xcode and the App Store to minimize the chances of malware getting into the chain but the bottom line is developers, even in China, absolutely should not download Apple apps, especially Xcode, from anywhere but Apple. It doesn't just put them at extreme risk, it puts all of us at extreme risk.</p> <p>What's worse is that Apple provides technologies like Gatekeeper expressly to prevent non-App Store and/or unsigned version of programs, including Xcode, from being installed. Those protections have to be deliberately disabled for something like XcodeGhost to successfully install.</p>
<p>Additionally, although Apple's code review for App Store submissions is very strict, some applications are never reviewed by Apple. If the iOS app is used by an enterprise internally, for example, it will be distributed in-house and won't go through the App Store.In the same example, an OS X app can also be infected, and lots of OS X apps are directly distributed via the Internet other than App Stores.</p>
<p>Apple should and will continue to make official downloads easier and exploits harder to deliver but there will always be new hurdles and new mechanisms. The only realistic defense is vigilance and responsibility by everyone involved.</p> </div></div></div><br clear='all'/>

<a href="http://rc.feedsportal.com/r/238386009582/u/49/f/616881/c/33998/s/4a01dc0b/sc/28/rc/1/rc.htm" rel="nofollow"><img src="http://rc.feedsportal.com/r/238386009582/u/49/f/616881/c/33998/s/4a01dc0b/sc/28/rc/1/rc.img" border="0"/>[/url]

<a href="http://rc.feedsportal.com/r/238386009582/u/49/f/616881/c/33998/s/4a01dc0b/sc/28/rc/2/rc.htm" rel="nofollow"><img src="http://rc.feedsportal.com/r/238386009582/u/49/f/616881/c/33998/s/4a01dc0b/sc/28/rc/2/rc.img" border="0"/>[/url]

<a href="http://rc.feedsportal.com/r/238386009582/u/49/f/616881/c/33998/s/4a01dc0b/sc/28/rc/3/rc.htm" rel="nofollow"><img src="http://rc.feedsportal.com/r/238386009582/u/49/f/616881/c/33998/s/4a01dc0b/sc/28/rc/3/rc.img" border="0"/>[/url]

<img src="[url]http://da.feedsportal.com/r/238386009582/u/49/f/616881/c/33998/s/4a01dc0b/sc/28/a2.img" border="0"/>[/url]<img width="1" height="1" src="http://pi.feedsportal.com/r/238386009582/u/49/f/616881/c/33998/s/4a01dc0b/sc/28/a2t.img" border="0"/><img width='1' height='1' src='' border='0'/><img src="http://feeds.feedburner.com/~r/TheIphoneBlog/~4/QOJTDaqYk0s" height="1" width="1" alt=""/>

Source: XCodeGhost malware: What you need to know
Logged
Pages: [1]   Go Up
  Print  
 
Jump to: