Become a fan of Slashdot on Facebook

 



Forgot your password?
typodupeerror
DEAL: For $25 - Add A Second Phone Number To Your Smartphone for life! Use promo code SLASHDOT25. Also, Slashdot's Facebook page has a chat bot now. Message it for stories and more. Check out the new SourceForge HTML5 internet speed test! ×
IOS OS X Programming Security Apple

FireEye: Many Companies Still Running XcodeGhost-Infected Apple Apps (csoonline.com) 23

itwbennett writes: In September, more than 4,000 applications were found to have been modified with a counterfeit version of Xcode, dubbed XcodeGhost. On Tuesday, FireEye said in a blog post that it has detected 210 enterprises that are still using infected apps, showing that the XcodeGhost malware 'is a persistent security risk.' In addition, whomever created XcodeGhost has also developed a new version that can target iOS 9, called XcodeGhost S, FireEye wrote.
This discussion has been archived. No new comments can be posted.

FireEye: Many Companies Still Running XcodeGhost-Infected Apple Apps

Comments Filter:
  • by SuperKendall ( 25149 ) on Wednesday November 04, 2015 @09:26PM (#50867977)

    Something for iOS developers to be aware of is they need to be careful of using binary only third party libraries which might also have been compiled with Xcode Ghost [possiblemobile.com].

    Thought thankfully Apple rejects app submissions that use them...

    • The problem is that this article (or at least TFS) is talking about enterprise customers, who have likely deployed an MDM solution and gone through the process to be able to side-load apps onto their enrolled devices bypassing the App Store. So you've got incompetent developers that are using hacked versions of Xcode (or, pre-hacked libraries, as you postulate), combined with bypassing the checkpoint that keeps most of Apple's users free of this crap.

  • by jeffb (2.718) ( 1189693 ) on Wednesday November 04, 2015 @10:17PM (#50868223)

    Did him really?

    Cripes, Dice, spring for an editor.

  • Are apps I've never heard of and likely would never use.

    • Apparently, though, since they're reported here to be out in the wild, somebody found them useful, or at least worth installing.

      Damage Control! Roll out the fud (but go soft on the fear, we've got iPhones to sell)

      • And the reason why this article is specific to talking about enterprise, is because those businesses are doing two things that the average user won't be:

        1. Downloading a hacked version of Xcode from a non-Apple website, and using it to develop applications, which then get trojaned by the crap version of Xcode
        2. Sideloading these applications by way of their developer agreement / MDM solution, bypassing the App Store and it's approval / curation.

        • Makes sense. I'm just wondering why the hacked Xcode versions when you get it *for free* on the App Store and get updates there too. Just seems really stupid.

I am a computer. I am dumber than any human and smarter than any administrator.

Working...