The exploit, found by a good few security firms, noted that a malicious piece of code dubbed XcodeGhost was written into the affected apps. Xcode, in its pure form, is used by Apple developers to write iOS and OS X apps for the company’s platforms.
No ad to show here.
This version, according to researchers, was possibly downloaded from an unofficial server in China rather than that of a trusted source and can give the attacker access to the users’ clipboard, prompt fake phishing dialogs and open URLs, according to Palo Alto Networks.
A security flaw, caused by an external malware, was recently discovered affecting iOS users only on WeChat version 6.2.5. This flaw has been repaired and will not affect users who install or upgrade WeChat version 6.2.6 or greater, currently available on the iOS App Store.
Rather incredibly, because of WeChat’s issue, over 500-million iOS users could be at risk, thanks to the prevalence of the chat app in China especially. It should be noted that the vulnerability can exploit users inside and outside China’s borders and those running any version of iOS.
According to Reuters, Apple spokesperson Christine Monaghan suggests that Apple is in the process of removing the infected apps and “working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
There’s no definitive way to safeguard against the issue, but the safest thing to do is uninstall any apps that might seem suspicious or are featured on the list below. It might also be a good idea to reset any passwords afterwards as well, and clear your clipboard and browsing history.
For a list of all the apps known to be infected, have a look at the MacRumors forum.
Feature image: Kārlis Dambrāns via Flickr