Apple has suffered its first large-scale cyber attack after hackers managed to embed malicious software in hundreds of iPhone and iPad apps. Palo Alto, a cybersecurity firm, said on Friday that hundreds of millions of users could have been impacted by the infected apps.
The attack is first large-scale attack on the App Store and occurred despite the existence of the company’s stringent app review process. It was flagged by several cyber security firms flagged who found rogue program XcodeGhost in legitimate apps.
The code can trick developers wanting to use Apple’s genuine Xcode software into downloading the counterfeit version.
The company said it was combing through its App Store to get rid of the bogus programme.
“We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” Apple spokeswoman Christine Monaghan said.
“We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.”
Prior to this attack, Apple had seen just five malicious apps make their way onto the App Store, accoring to cyber security firm Palo Alto Networks.
Ryan Olson, director of threat intelligence at Palo Alto Networks, said the malware had limited functionality and his firm had uncovered no examples of data theft or other harm as a result of the attack.
Still, he said it was “a pretty big deal” because it showed that the App Store could be compromised if hackers infected machines of software developers writing legitimate apps.
Other attackers may copy that approach, which is hard to defend against, he said.