… In other words, Apple’s Gatekeeper technology, which prevents non-App Store and unsigned om being installed, was doing its job. MORE

Update 2: Sarah Perez notes that devs may not have been paying attention: To even install this version of the Xcode software, developers had to ignore a warning which indicated the software was damaged and should be moved to the trash. MORE

And it seems Cendrowski says that based on this analysis by Samuel Wade: Xcode is usually obtained directly from Apple.but because large cross-border downloads can be slow and unreliable in China, in large part because of the government’s Internet controls, many users there turn to potentially unsafe unofficial sources. … China’s tight Internet controls appear to have backfired, for once very publicly, putting the country’s own tech champions at risk. MORE

Update 1: Scott Cendrowski lays the blame at China's great firewall: keeps users inside the country from accessing Facebook, the New York Times, and other sites banned because they pose some threat.to the ruling Communist Party. … It's faster to download the CentOS "Everything ISO" (7GB) from ftp mirror in Egypt than to get XCode (3GB) from the global network of the wealthiest company in the world. MORE

Slow? ORLY? Luc Momal explains: XCode, and everything Apple, takes forever to download. … One theory is that Apple’s servers are slow to download from in China, so developers used this alternative ‘mirror’ (unaware of its true credibility). The hackers somehow convinced developers to use its version of the Xcode tools rather than Apple’s official software. MORE

Yeah, but why did devs fall for it? Benjamin "egg" Mayo spreads the background: Developers were inadvertently submitting malware by using counterfeit versions of Xcode, Apple’s development software. … Once you compromise the compiler it's game over. MORE

But Sasparilla isn't surprised it happened: Documents released by Snowden pointed out the CIA (in cahoots with the NSA?) had been attempting to compromise Xcode.

We believe that stealing passwords or potentially exploiting vulnerabilities in iOS and in legitimate applications may be the true purpose of XcodeGhost. … XcodeGhost is a very harmful and dangerous malware that has bypassed Apple’s code review and made unprecedented attacks. Additionally, according to one developer’s report, XcodeGhost has already launched phishing attacks iCloud passwords. … capable of receiving commands from the attacker prompt a fake alert dialog to phish user credentials hijack opening specific URLs.which could allow for exploitation of vulnerabilities read and write data in the user’s clipboard. MORE

So Claud Xiao updates us: In the first report, we noted that the malicious code uploads device information and app information to its command and control (C2) server. Secondly, Apple's quality testers, who generally do a very good job in keeping out nasties. Firstly developers.were duped into using counterfeit software to build their apps. An Apple spokeswoman said."We are working with the developers to make sure they're using the proper version of Xcode to rebuild their apps." … surprising, as it looks like two groups of supposedly informed people have been caught out. Some of the affected apps - including the business card scanner CamCard - are also available outside China. MORE

Dave Lee and anonymous Aunty scribblers speak peace unto nation: It is thought to be the first large-scale attack on Apple's App Store. … Chinese security firm Qihoo360.uncovered 344 apps tainted with XcodeGhost.

Jim Finkle and Scott DiSavino report there's a problem: Apple Inc said on Sunday it is cleaning up its iOS App Store to remove malicious iPhone and iPad programs.after several cyber security firms reported finding dubbed XcodeGhost.in hundreds of legitimate apps.

Your humble blogwatcher curated these bloggy bits for your entertainment. Not to mention: The most ridiculous thing Tom has built in a long while. In IT Blogwatch, bloggers furiously eyeroll.