Previously, a researcher managed to get a malicious app in the Google Play Store and it was even mentioned in the description of the application. The presentation was made at Defcon few weeks back. Now, researchers from Georgia Tech managed to get a malicious application approved in App Store. The team reports that the application was approved in March and was only live for a few minutes.
It has been mentioned that the application was purported to bring news from Georgia Tech and that contained code that later assembled itself as a malicious code capable of stealing the personal information and device ID numbers, post tweets, send emails and attack other applications.
The researchers mentioned that the application was scanned by Apple just for a few seconds before it was approved and published in the App Store. This may be due to the fact that the code was fragmented and Apple’s scanning software was unable to identify it as a threat. This is a big security issue as it involves putting people’s personal information at risk. Although, no one downloaded the application while it was live.
The research paper was due for a talk in Washington on Friday. Apple spokesman Tom Neumayr said that the company has made some changes to its OS following the issues outlined in the research paper. He didn’t comment on what changes were made to make sure this doesn’t happen again.
We do hope that Apple will tighten its approval process and make sure malicious apps don’t get approved in the App Store. Apple’s security has been compromised recently that resulted in the Developer center to go down for more than a week, and I think it is time they make sure their systems are offering the best possible security to its users.
Source: Technology Review