You’ve probably heard the news: Potentially millions of Apple iPhone and iPad users may be at risk after the first-ever major Apple hack — a breach made possible by fake developer tools used to create iOS apps that made their way onto the Apple App Store.
Developers in China sought to reduce software download times by downloading a copy of the Xcode developer tools hosted on a Chinese server instead of the official version available from Apple. Unknown to developers, this counterfeit version of Xcode automatically embedded some malware, called ‘XcodeGhost’, into their apps. According to Apple this may have led to a number of infected iOS apps leaking, “some general information such as the apps and general system information.”
Apple, which prides itself as one of the most secure OS platforms in the world, quickly responded and apparently removed over 300 pieces of malware-infected software from the App Store. It also simultaneously began working with developers to make sure they were using the correct version of Xcode, and not the fake developer code used to create the infected apps.
The full list of affected apps has not yet been disclosed, but Apple has published a list of the most popular currently-known impacted apps.
Ironically, the Apple hack occurred just as Chinese leader President Xi Jinping was arriving in the U.S. to attend a summit with President Barack Obama to discuss concerns about China’s slowing economy and cooperation on cyber security; as well as meet with top tech firms including Apple.
If you feel you’re at risk of having downloaded any infected apps, here are some things you can do:
- Check the Apple breach list for the known infected apps and delete any of the iOS apps noted above.
- Be on the look out of prompts asking for your name, password or other information, such as your social security number or other sensitive information from a source you cannot verify.
- Change your passwords, including your Apple account password.
- Make sure your apps are up to date.