[Nfbktad] Protect yourself from massive iOS security breach

Todd scorpio62 at windstream.net
Tue Sep 22 23:51:28 UTC 2015 

Very, very helpful. Thanks, Kev.

 

Todd

 

From: Nfbktad [mailto:nfbktad-bounces at nfbnet.org] On Behalf Of Kevin Pearl via Nfbktad
Sent: Monday, September 21, 2015 7:46 PM
To: NFBK TAD
Cc: Kevin Pearl
Subject: [Nfbktad] Protect yourself from massive iOS security breach

 

 

 <http://www.cultofmac.com/389696/protect-yourself-from-massive-ios-security-breach/> cultofmac.com · by Rob LeFebvre

Protect yourself from massive iOS security breach | Cult of Mac

False versions of Xcode may have gotten into your apps; here’s how to fix the problem. 
Photo: Apple

Apple has now been affected by the worst security snafu in iOS history when it found that hundreds of apps, mostly in the Chinese App Store, have malicious code in them, called “XcodeGhost.”

Apple’s pulled the affected apps from the App Store to contain the security breach, but you’ll still need to take a few more steps to make sure your iOS devices aren’t affected. Here’s what you need to do.

The otherwise legit apps were infected by developers who used a counterfeit version of Xcode from Chinese file-sharing service, Baidu, since it was faster to download than the official Apple version of Xcode. Doing so, however, caused the bad code to proliferate and cause this massive iOS security breach.

Since Apple doesn’t allow access to any API’s that a security company would need to know whether malicious code was in any installed apps, says mobile security firm  <https://www.lookout.com/> Lookout, you have to protect yourself manually.

*	First off, keep an eye out for any odd dialogue boxes that show up on your screen. Don’t enter any information without being sure of the source.
*	If you’re running any of the affected apps —  <http://www.cultofmac.com/389693/xcodeghost-hack-delete-these-infected-ios-apps-immediately/#more-389693> full list here — delete them and wait for a developer patch.
*	If any of the listed apps is on your iPhone or iPad, change your Apple account password and be wary of any phishing attempts to get it.

Source:  <https://blog.lookout.com/blog/2015/09/20/xcodeghost/> Lookout

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://nfbnet.org/pipermail/nfbktad_nfbnet.org/attachments/20150922/582f7e55/attachment.html>

More information about the NFBKTAD mailing list