Apple began addressing the issue on Sunday after being alerted to the fact that XcodeGhost had been embedded in some apps. "To protect our customers, we've removed the apps from the App Store that we know have been created with this counterfeit software and we are working with the developers to make sure they're using the proper version of Xcode to rebuild their apps," said Apple.
An affected app could automatically open websites designed to infect the device with a virus, or show pop-ups designed to gain personal information from the user in a phishing attempt.
Apple's walled garden approach to the App Store means it is typically safe. This is the first major breach of the App Store; before this exploit there had only been five instances of affected apps. Android's open ecosystem, on the other hand, leaves the door open to security issues. Each app goes through a careful review process before Apple allows it into the store. Unfortunately, this time the Xcode malware made its way past Apple's reviews.
What other security exploits have affected iOS on the iPhone and iPad?
2014 was a year of security vulnerabilities and targeting of iOS. First off, a security flaw was discovered in late February 2014 that made it possible for an attacker to intercept your data if you were using an unprotected hotspot, perhaps in Starbucks or an internet café.
Then in late May, some users from the UK, Australia and other countries reported that their iPhones were locked with a message claiming the device was hacked by a person or group named Oleg Pliss who demanded $100 or 100 to unlock it.
Next came news that nude photos of Jennifer Lawrence and around 100 big-name stars including British model Cara Delevingne, Cat Deeley, Kelly Brook, and Rihanna had made their way onto image bulletin board 4chan, at the end of August. Apple claims that the privacy breach was not the result of a compromise of any of the systems used for its iCloud storage service. However, through some means hackers were able to access celebrity photos that were stored in iCloud.
Then in November the first malware with the potential to infect all iPhones and iPads was discovered by security firm Palo Alto Networks. Malware affecting jailbroken devices is nothing new but WireLurker - as the researchers christened it - used a two-stage attack involving USB connections via a Mac or PC, and a glitch in an iOS feature that allows organisations to install their own apps on non-jailbroken iOS devices. While WireLurker installed malicious apps on jailbroken phones and plundered them of personal information - including the device's phone number and iCloud address book - non-jailbroken phones got off more lightly, with just a benign pirated comic book app invisibly installed on the phone. Basic diagnostic data was also passed to a central command server. Apple has since blocked WireLurker on both iOS devices and Macs but experts suggest that the technique used will give rise to further attacks.