As you may have heard, Apple confirmed in late September that certain apps available on the App Store had been injected with malware by unsuspecting software developers using a non-approved version of Xcode downloaded from a non-Apple site, Baidu. Below is a link to a good FAQ that includes tips on how to handle this should you be impacted, along with a comprehensive explanation of what XcodeGhost is and what it does on an infected device.
Read the article here: http://www.macrumors.com/2015/09/20/xcodeghost-chinese-malware-faq/
Key highlights include:
- Could your iOS device be infected? Possibly … If you downloaded one of the 50 apps that have been identified to have had infected versions uploaded to the Apple App Store since September 15, delete that version from your device. This impacts all iOS devices including iPhone, iPod Touch and iPad. Apple has since removed all infected software from the App Store, so you should be safe to re-download the latest version.
- What else should I do in addition to deleting potentially infected apps? First, ignore any phishing scams that try to gain your personal information or credentials. Resetting your iCloud password, along with any other passwords input on your iOS device, is also strongly recommended as a precautionary measure.
If you have specific questions not answered in the linked article, feel free to contact Randy Crenshaw, our VP of Mobile Technology, at randy@techorchard.com.
