By Jim Finkle
BOSTON (Reuters) - Apple Inc APPL.O said on Sunday it is cleaning up its iOS App Store to remove malicious iPhone and iPad programs identified in the first large-scale attack on the popular mobile software outlet.
The company disclosed the effort after several cyber security firms reported finding a malicious program dubbed XcodeGhost that was embedded in hundreds of legitimate apps.
It is the first reported case of large numbers of malicious software programs making their way past Apple's stringent app review process. Prior to this attack, only five malicious apps had ever been found in the App Store, according to cyber security firm Palo Alto Networks Inc ( PANW.N ).
The hackers embedded the malicious code in these apps by convincing developers of legitimate software to use a tainted, counterfeit version of Apple's software for creating iOS and Mac apps, which is known as Xcode, Apple said.
"We've removed the apps from the App Store that we know have been created with this counterfeit software," Apple spokeswoman Christine Monaghan said in an email. "We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps."
She did not say what steps iPhone and iPad users could take to determine whether their devices were infected.
Palo Alto Networks Director of Threat Intelligence Ryan Olson said the malware had limited functionality and his firm had uncovered no examples of data theft or other harm as a result of the attack.
Still, he said it was "a pretty big deal" because it showed that the App Store could be compromised if hackers infected machines of software developers writing legitimate apps. Other attackers may copy that approach, which is hard to defend against, he said.
"Developers are now a huge target," he said.
Researchers said infected apps included Tencent Holdings Ltd's ( 0700.HK ) popular mobile chat app WeChat, car-hailing app Didi Kuaidi and a music app from Internet portal NetEase Inc.
The tainted version of Xcode was downloaded from a server in China that developers may have used because it allowed for faster downloads than using Apple's U.S. servers, Olson said.
Chinese security firm Qihoo360 Technology Co ( QIHU.N ) said on its blog that it had uncovered 344 apps tainted with XcodeGhost.
Tencent said on its official WeChat blog that the security flaw affects WeChat 6.2.5, an old version of its popular chatting app, and that newer versions were unaffected. A preliminary investigation showed there had been no data theft or leakage of user information, the company said.
Didi Kuaidi said in an emailed statement users' privacy was not intruded upon, and the app has been immediately updated to address the issue.
In a mea culpa on its official Weibo microblog, NetEase apologized to users, saying their private information was not compromised and a fix has been issued.
Apple declined to say how many apps it had uncovered.
(Reporting by Jim Finkle; Additional reporting by Scott DiSavino in New York and Paul Carsten in Beijing; Editing by Chizu Nomiyama, Eric Beech and Alex Richardson)
Apple's App Store infected with XcodeGhost malware in China
Apple has said it is taking steps to remove malicious code added to a number of apps commonly used on iPhones and iPads in China.
It is thought to be the first large-scale attack on Apple's App Store.
The hackers created a counterfeit version of Apple's software for building iOS apps, which they persuaded developers to download.
Apps compiled using the tool allow the attackers to steal data about users and send it to servers they control.
Cybersecurity firm Palo Alto Networks - which has analysed the malware dubbed XcodeGhost - said the perpetrators would also be able to send fake alerts to infected devices to trick their owners into revealing information.
It added they could also read and alter information in compromised devices' clipboards, which would potentially allow them to see logins copied to and from password management tools.
Image copyright Tencent Image caption WeChat is one of China's most popular chat apps, and is also used outside the country to a lesser extent
Infected applications includes Tencent's hugely popular WeChat app, NetEase's music downloading app and Didi Kuaidi's Uber-like car hailing app.
Some of the affected apps - including the business card scanner CamCard - are also available outside China.
"We've removed the apps from the App Store that we know have been created with this counterfeit software," said Apple spokeswoman Christine Monaghan.
"We are working with the developers to make sure they're using the proper version of Xcode to rebuild their apps," said Christine Monaghan.
On its official WeChat blog. Tencent said the security issue affected an older version of its app - WeChat 6.2.5 - and that newer versions were not affected.
It added that an initial investigation showed that no data theft or leakage of user information had occurred.
Analysis: Dave Lee, North America technology reporter
Image copyright Apple
In Apple's walled garden App Store, this sort of thing shouldn't happen.
The company goes to great lengths, and great expense, to sift through each and every submission to the store. Staff check for quality, usability and, above all else, security.
The Apple App Store is generally considered a safe haven as the barrier to entry is high - there's only been a handful of instances of malware found on iOS apps, compared to Google's Play store which for a while was regarded as something of a "Wild West" for apps (until they introduced their own malware-scanning system too).
It makes this attack all the more surprising, as it looks like two groups of supposedly informed people have been caught out.
Firstly developers, who security researchers say were duped into using counterfeit software to build their apps, creating the right conditions for the malware to be applied.
And secondly, Apple's quality testers, who generally do a very good job in keeping out nasties, but in this case couldn't detect the threat.
Follow Dave Lee on Twitter @DaveLeeBBC
The malware was initially flagged by researchers at the Chinese e-commerce firm Alibaba.
It discovered that the hackers had uploaded several altered versions of Xcode - a tool used to build iOS apps - to a Chinese cloud storage service.
Then, about six months ago, the attackers posted links to the software on several forums commonly visited by Chinese developers.
Image copyright Palo Alto Networks Image caption Links to the infected version of Xcode showed up in search engines
"In China - and in other places around the world - sometimes network speeds are very slow when downloading large files from Apple's servers," explained Palo Alto Networks in a follow-up blog.
"As the standard Xcode installer is nearly three gigabytes, some Chinese developers choose to download the package from other sources."
It added that potentially hundreds of millions of users might have been affected.
Apple does have a security tool - called Gatekeeper - that is designed to alert users to unauthorised Mac programs and stop them from being run. However, it appears the developers must disabled the facility, allowing them to create iOS apps with XcodeGhost.
Sense of security
Despite the many news headlines about the breach, one expert said he did not forecast a major impact on the sale of Apple products.
Image copyright INTSIG Information Image caption The business card scanning app Camcard is reported to have been one of the products affected
"It is definitely embarrassing for Apple but the reality is that malware is a persistent problem since the days of PCs and the problem will multiply as the number of mobile devices explodes from 1.4 billion units in 2015 to 1.8 billion in 2020," Wee Teck Loo, head of consumer electronics at market research firm Euromonitor International, told the BBC.
In fact, consumers are less cautious on mobile devices than on PCs, he added.
"In emerging markets like China or Vietnam, mobile devices are their first connected product and security is taken for granted," he said.
"Consumers in emerging markets are also less protective of privacy and security issues."
Earlier this month, login names and passwords for more than 225,000 Apple accounts were stolen by cyber-thieves in China.
It was uncovered by security firm Palo Alto Networks while investigating suspicious activity on many Apple devices. It found a malicious software family that targets jailbroken iPhones.
The majority of people affected were in China.
Apple’s iTunes Store is having problems and iTunes Connect is down [Update: It’s finally back]]
by Mic Wright Tweet — 11 Mar, 10:49am in Apple
Come here on Wednesday March 25? Yes, it’s down again: follow our updates here instead.
It looks like Apple is having a bad Wednesday. The iTunes Store, App Store and Mac App Store are suffering outages and the company’s app submission service iTunes Connect is down.
While the front pages of both the App Store and Mac App Store are accessible, we’ve hit broken pages on the US and UK App Stores when accessing individual apps. Meanwhile, though music, film and TV content is still visible in the iTunes Stores, you can’t actually buy it.
The problems seem to be geographically inconsistent – it appears to be possible to download apps from the Indian App Store but music tracks aren’t accessible there.
As you might expect, iBooks is down too and in-app purchases are broken. There also seem to be issues with TestFlight. the company’s service which allows developers to give beta testers access to their apps. It’s currently inaccessible for some iOS users.
We’ve contacted Apple for details on the situation and will update this post when we have more. The company’s status page shows all its services working correctly but that clearly isn’t the case.
Update: Thanks for your reports. We’ve had confirmation of problems in Armenia, Australia, Brazil, Bolivia, Bulgaria, Poland, Serbia, South Africa, Cyprus, Canada, Switzerland, Spain, Sweden, Saudi Arabia, France, Finland, India, Italy, Indonesia, the Philippines, Romania, Ukraine, the Caribbean, Portugal, Russia, Egypt, Slovakia, Singapore, Vietnam, Israel, Iceland, the Netherlands, Norway, Denmark, Japan, Hong Kong, Germany, Greece, Mexico, New Zealand, Kenya, Thailand, the UK and US. So it’s safe to say this is a worldwide issue.
Update 2 : We’re also seeing some reports that logins through the Apple Developer site aren’t working now either.
Update 3: Karl Hooker in the comments says:
Just spoken to Apple customer services UK and the agent was unaware of the issue until I told her to pick up her own phone and attempt to download an app. She said “Oh, yes I seem to be having the same error” and put me on hold. She then came back and said “We are aware of an outage but I don’t know how long it’s going to take, please try again in about an hour”…
Update 4: Here’s the latest error we’ve got, we’re now being told that the App Store itself isn’t available in the UK store. Confusing!
Update 5: And now if you were thinking of going to Apple Support for guidance…that’s down too. That also means you can’t make Genius Bar appointments.
Update 6. Here’s an interesting story from Twitter:
@brokenbottleboy Was in the Apple Store Edinburgh 10am & they were having to use paper&pen. Their systems did come back after 15m – related?
— I, YermoungDer (@yermoungder) March 11, 2015
Note: we’ve yet to confirm this.
Update 7: We’re continuing to try to contact Apple but at this point we’ve received no reply to our emails and no one’s picking up the phone.
Update 8: Apple has updated its developer status page but iTunes isn’t on it. The support status page still shows iTunes working fine and dandy.
We’re hearing from developers that Apple has told them to expect the problem to be fixed in the next two hours but that it’s a very uncertain estimate. We’re still waiting for an official comment.
Update 9. Some readers in Australia are reporting that iTunes is working normally again for them now but as the issues have been sporadic, we’re not holding our breath just yet.
Update 10 : Like we said before, the problems do seem to be sporadic – developers and users in Australia still reporting problems despite others saying they’re back up and running.
Update 11 – 9.41 ET/13.41 GMT: We’re still receiving reports from across the world that iTunes downloads are not working on the desktop or iOS devices and that Apple TV is also affected.
Update 12 – 09.53 ET/13.53 GMT: First official word from Apple, not ETA on a fix yet.
Update 13 – 10.03 ET/14.03 GMT: Correction – that tweet was not from an official account. We’re still waiting on official word from Apple.
Update 14 – 10.06 ET/14.07 GMT. Apple’s finally updated its status page to show iTunes is unavailable for all users.
Update 15 – 10.16 ET/14.17GMT : The App Store might be five hours into suffering problems but the AppStore account on Twitter is still tweeting merrily.
Control this little humanoid in an adrenaline-fueled dash for your life. http://t.co/3oAfOIMPyw pic.twitter.com/JJukb0P0fq
— App Store (@AppStore) March 11, 2015
Update 16 – 10.25 ET/14.25 GMT. We’ve got another report via Twitter of an Apple Store that’s had to turn to pen and paper:
@brokenbottleboy The Apple Store in Ridge Hill, NY is expecting issues with both the Wi-fi and their systems and are using Paper and Pen to.
— TwiceTheSn0w (@AahdsT) March 11, 2015
See Update 6 for the previous instance. As before, we can’t verify this but if retail stores are unable to use their sales apps, it could speak to an even larger issue with Apple’s systems.
Update 17 – 10.33 ET/14.33 GMT: Apple’s now updated its status page again showing the App Store, iTunes Store, Mac App Store and iBooks Store as unavailable with red symbols.
Apple’s timeline of the outages shows the problem with its stores still ongoing and that there were iCloud problems between 9am GMT (5am ET) and 12.30pm GMT (08.30 ET):
Update 19 – 11.35 ET/ 15.35 GMT. Apple’s developer status page now shows the issues with iTunes Connect and Testflight we’ve been reporting on all day. It also confirms that those problems began at 8am GMT (4am ET) – an hour before the other issues.
The New York Times
Stop Googling. Let’s Talk.
What have we done to face-to-face conversation?
What Causes a Super Blood Moon?
The moon will appear larger than usual and will take on a reddish hue in much of North America on Sunday night.
The Real Roots of ’70s Drug Laws
Black anti-crime activism in the ’60s and ’70s helped pave the way for our current system of draconian drug laws and mass incarceration.
Sherry Turkle’s ‘Reclaiming Conversation’
Jonathan Franzen reviews a new book based on interviews with people who say they feel controlled by new technologies.
Russia Surprises U.S. With Accord on Battling ISIS
Russia left the United States scrambling by reaching an understanding with Iraq, Syria and Iran to share intelligence about the Islamic State militants.
Share of Immigrants in U.S. Nears Highs of Early 20th Century, Report Finds
A Pew Research Center report revealed major shifts in immigration to the United States since Congress passed the Immigration and Nationality Act a half-century ago.
With China’s president unwavering on tough Internet policies, Narendra Modi of India is sending a different message: Help India become an Internet powerhouse.
Marketers are resorting to emojis, outrageous stunts and elaborate events to reach a demographic that has little tolerance for traditional advertising.
This site is only made possible by people like you contributing review durations. Please contribute your latest review.
What is this? This site tracks the average App Store review times for both the iOS and the Mac App Store using data crowdsourced from iOS and Mac developers.
Who is collecting this data? We are Shiny Development. We created this site in the hope that it would provide some useful information to developers around the world. We also run iOS Dev Weekly. a weekly email with links to the best blog posts and articles from the world of iOS development. If you are interested in the data here then it is likely that you will find something of interest in iOS Dev Weekly each week. You should subscribe!
Where does this data come from? This is not official Apple data. It is based only on anecdotal data gathered from people posting their latest review times on Twitter and App.net using the #macreviewtime or #iosreviewtime hash tags. For people that would prefer to remain anonymous when submitting their review we also allow direct submissions of review times.
Can I be notified of the numbers automatically? Yes. The @appreviewtimes account on Twitter and the @appreviewtimes account on App.net will each post once a day with the latest averages.
How do I contribute data? It's simple! Just post to Twitter or App.net with the time it took for your last app review and include one of the hash tags (see above) along with a number of days. Just the hash tag and “X days” is all that is needed at a minimum but including the app name/link is also good. Please don't post the number of hours. See this example tweet for inspiration. If you'd prefer you can directly submit your review time. Please do continue to post your times, this site is useless without constant data.
Should I include the “Waiting for Review” time as well as the “In Review” time? Yes. Include the full time from uploading your app and going into review right through to a “Ready for Sale” status.
Should I include weekends? Yes. Apple review and approve apps over the weekend. Bless them!
Should I include expedited reviews? No. Expedited reviews are a special case and this site is trying to capture the average standard review time. The same applies if your app “needs additional time in review”.
What if my app was rejected a few times? Don't worry! Relax and make yourself a nice cup of tea, it happens to everyone. ) For the purposes of this site that would count as multiple reviews, just tweet or post the last successful review time.
How accurate is this data? The averages on this site are based only on the data gathered from the community which are a very small subset of the total number of apps which go through review each day. However in our experience it does give a reasonable indication of how review times are changing over time.
How is the average calculated? The average for each day on the graph is calculated using a truncated mean average based on historic data (Using 14 days of data for the iOS store, 30 days for Mac). The current number of days average is simply the latest data point from that graph rounded to the nearest whole day.
How current is the data? The system has collected 37727 data points since being switched on but only those reported recently are actually used to calculate the averages above.
Can I sponsor this site? You sure can! The sponsored link on the right hand side of the header can be sponsored on a month by month basis. If you're interested, just contact us for more information on price and availability.
Updates every 30 minutes. Last updated at September 28, 16:00 UTC
Apple, App Store, iOS and Mac are all trademarks of Apple Inc. registered in the U.S. and other countries.
Apple Removes 300 Infected Apps from App Store
Apple has now removed over 300 pieces of software from the App Store, after malware that targeted developers managed to create infected iOS apps. On top of that, it looks like the apps are more dangerous to Apple customers than previously thought.
Several security companies have now banded together in the search for malicious iOS apps: Claud Xiao from PaloAlto Networks has reportedly discovered 39. Fox-IT also found a number of others, a representative told WIRED in an email. Many of those apps are popular in China, such as Railway 12306, used for purchasing train tickets, and a version of WeChat, a messaging app. Only the older version 6.2.5 is infected, whereas the app’s up-to-date version is clean.
However, it appears that some affected apps are also used by Apple customers in the United States. ‘CamCard’, an app for scanning and storing business cards, and which was a ‘Top Paid App’ in 2014. is also infected, according to Palo Alto Networks.
Originally, the malware was seen to be fairly innocuous: it could siphon off only small snippets of information such as a device’s ID, and the current time.
But according to findings from one researcher. and then built upon by Xiao. the infected apps are also capable of receiving commands from the attacker. These commands can apparently allow a hacker to read and write data to the victim’s clipboard, open specific URLs, or prompt a fake alert on the victim’s screen. Some of these could be used to steal passwords, Xiao claims.
Apple did not respond to multiple requests for comment, but company spokesperson Christine Monaghan told The Guardian in an email that “We’ve removed the apps from the app store that we know have been created with this counterfeit software,” and that “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
Share this story on Facebook Share this story on Twitter Share this story on Pinterest Share this story via Email
This week on AppleInsider: iPhone 6s launch, Apple Car in 2019, App Store infection & more
Apple's busy month continued not just with the launch of new iPhones and firmware updates, but also news of the first major malware infection on the iOS App Store, and rumors that an Apple car could hit roads as soon as 2019.
To keep up on the latest in the Apple world, download the official AppleInsider app. and subscribe to our email newsletter .
Hackers sneak malware into App Store
By way of modified versions of Xcode hosted on Chinese servers, hackers managed to slip malware into dozens or even hundreds of iOS App Store titles, including prominent apps like WeChat and Didi Kuaidi. The gaffe was blamed largely on Chinese developers wanting faster Xcode downloads than those possible from Apple servers.
Apple responded by trying to ensure copies of Xcode were legitimate. and promising to host Xcode on local servers. Developers scrambled to make sure their apps were scrubbed and updated.
Apple issues iOS 9.0.1 as iOS 9 adoption tops 50%
On Monday Apple claimed that over 50 percent of iOS devices were already running iOS 9, based on App Store traffic. That conflicted with third-party numbers putting the figure lower .
To keep customers satisfied, the company issued iOS 9.0.1 just two days later. The code fixed launch bugs affecting alarms, video playback, cellular data, and the setup assistant.
watchOS 2 makes delayed introduction
Having missed an original Sept. 16 deadline, Apple released watchOS 2 five days late on Sept. 21. The wait was linked to testers discovering a serious bug at the last minute.
The firmware makes a number of additions to the Apple Watch, such as native third-party app support, greater watch face customization, Time Travel and Nightstand modes, and an expanded range of Siri functions.
Electric Apple car could arrive in 2019
Apple is reportedly racing toward the goal of shipping its first electric car in 2019. The company may be preparing to triple the number of workers on the project to make it happen.
Some sources suggested that even with best efforts, Apple could still miss that goal. The car is also expected to require a driver, though self-driving technology may come later.
iPhone 6s, 6s Plus debut to large crowds
Friday saw the launch of the iPhone 6s and 6s Plus in 12 regions worldwide. Large throngs gathered at some Apple Stores as shoppers hoped to be the first to own the products.
Preorders began much earlier, on Sept. 12, but by early this week the company was completely out of stock for launch-day deliveries. People wanting a new iPhone before mid-October must now check retail shops as they replenish inventory.
First take: iPhone 6s & 6s Plus
2K has not specified when it will return.
The mobile port of BioShock has been removed from the App Store due to an incompatibility issue.
Despite slightly misleading reports earlier today from a 2K Games customer support agent, who stated that the game was pulled due to a "developer decision," 2K has now clarified that the removal of BioShock's iOS port is not permanent.
2K did not specify when the updated version of BioShock will be available to download again from the App Store.