Apple security news: Apps pulled after malware discovery; $1 million bounty for iOS 9 hack

Apple’s got a couple of security issues on its plate: The company has had to pull apps from its App Store after a malware discovery. And someone’s offering a $1 million bounty for hacking into iOS 9.

Apple has pulled a number of apps after a major attack on its App Store. The apps, including the popular WeChat, were embedded with malware called XcodeGhost because Chinese app developers used a third-party version of Apple’s Xcode tools. Information from affected devices could be uploaded to outside servers.

A security researcher from Palo Alto Networks wrote Friday about the discovery of the problem, noting that it is the sixth time malware has made it through to Apple’s App Store. The researcher, Claud Xiao, noted that some Chinese developers choose to get Apple’s Xcode installer from other sources because of slow network speeds in China. Palo Alto Networks has a list of affected apps.

Meanwhile, Wired reports that a new security firm called Zerodium has offered a $1 million bounty to anyone who can hack into Apple’s recently released iOS 9. The conditions, according to Wired: “The terms of the offer include the demand that the bug not be reported to Apple or publicly disclosed, the better to allow Zerodium’s customers to use the technique in secret.”

Zerodium founder Chaouki Bekrar also founded French hacking firm Vupen, which finds flaws but doesn’t report them to companies so they can be fixed. Instead, Vupen develops hacking techniques based on the bugs and then sells them to governments and other businesses.


Photo: A poster touts the many apps available for iOS users. (Associated Press)



  • RussellL

    “Vupen develops hacking techniques based on the bugs and then sells them to governments and other businesses.”

    Do they sell to competitors?