DoNews September 19th news (reporter An Hong) recently broke apple iOS platform was XCodeGhost Trojan invasion of the security field has been much attention. Industry security analysis platform released a report that is expected to infect Apple users more than 100 million.
event detonated an analysis published in the September 18th cloud network: analysis of Ghosts – XCodeGhost sample XCode compiler, the pure technical analysis report caused many developers iOS ecological chain on the China.
Some programmers use
in short, the third party security problems of the Xcode compiler to write APP, when it was uploaded to AppStore and users to download and install the basic information, it will secretly upload software package name, application name, version, language and state system. From the analysis of virus samples, these leaked information does not involve too much privacy issues.
it is worth noting that the virus has more permissions, which pop up phishing sites on the iPhone/iPad page, you may cheat iCloud account password or other key information.
which APP is affected by
?According to the analysis of
cheetah Security Institute, by XCodeGhost events APP may have more than 30, including WeChat, NetEase, cloud music Netease Open Class, my name is MT, flush, Nanjing bank, China Southern Airlines, China CITIC Bank card action space, name card, Almighty King angry little bird and so on 2 well-known applications. Install the iPhone/iPad user for the above application or may disclose basic information. Cheetah mobile security expert Li Tiejun reminder, such as the user in the near future to enter the icloud password, credit card information and other sensitive information to the class of applications, in theory, may have been compromised. Li Tiejun suggested that, based on security considerations, the user is best to relate to the password, payment methods, etc..
Apple needs security software?
in the past it is generally believed that as long as you do not jailbreak Apple terminal device is safe. Now, this theory is broken.
security experts said that if the tricks in the development tools that may deceive programmers, add harmful code and compile your application in, or even bypass the security review mechanism of AppStore, the user data security threat.
all in all, iPhone/iPad does not escape the risk is still controllable. Although Apple’s security review did not detect a threat, but users choose to download applications from the official market is still much safer than the chaos of the Android application market.
after the event, Apple will strengthen the security review process for APP, but Apple will not provide more permissions for certain software (such as security software). Moreover, a system that will not be conquered is a myth.