According to a recent report from Reuters, Apple has removed a number of applications from its iPhone and iPad app store that have been identified to have malicious code in them.
The malicious code in the apps is know as XcodeGhost and it was apparently embedded in hundreds of apps that were in the app store, this is the first time this has happened to the company since the app store launched back in 2008.
The hackers managed to embed the malicious code in apps by getting developers to use a counterfeit version of Xcode, which is used to create apps, the code was then injected into any apps which were compiled using the fake Xcode.
Apple has released a statement to Reuters, which can be seen below, the company has not released any more information about the malicious code.
We’ve removed the apps from the App Store that we know have been created with this counterfeit software,” Apple spokeswoman Christine Monaghan said in an email. “We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.
Apple’s app store is well policed, all applications that show up in their store are individually approved by Apple, so this is a big deal fore these apps to get through Apple’s strict controls.
According to Ryan Olson, Director of Threat Intelligence at Palo Alto Networks, the malicious code has limited functionality and his company has not found any examples of data theft as a result of the code.