When Apple’s App Store saw an influx of XcodeGhost Apps the company, once known for their seemingly impenetrable security, seemed to have finally had a weakness exploited. While the infected apps aren’t “security-invading malware,” the problem seems to be more plentiful that originally reports suggested.
“We were able to identify 476 affected apps for our customers from within our database–which is far more than the initial finding of around 40 apps would suggest.”
With the numbers steadily growing over the past couple of months, it’s easy for researchers to worry about the possible affects that these apps can have on consumers. However, researchers and Apple are maintaining that there hasn’t been malicious use of the app, nor do they expect any personal credentials or information to be phished.
“The framework itself contains no code to display login prompts or alerts of any kind that could be used to phish credentials (the alert has no field for text input),” according to researchers findings.
“The only way to launch a phishing attack using this framework would be to send the response to open a URL pointing to a malicious website.”
Meanwhile, Apple says there has been no direct evidence that the apps have been used maliciously therefore the increased fear after the XcodeGhost was exposed is unnecessary. So Apple can breathe a sigh of relief but it might be best to completely rid the Apps from the store to ensure added safety.