Apple is currently working on fixing the largest security breach in the history of the App Store after hackers infiltrated malware inside genuine apps by fooling developers to download a compromised iOS app making software version. Even though Apple said it has removed apps that contained malicious code, security firms said that some app versions still contained malware. But the good news, for affected customers, is that Apple will now notify you if you have installed apps compromised by the XcodeGhost malware.
More importantly, Apple says that user data is safe, as the code couldn’t have stolen critical personal information such as Apple ID credentials.
The company set up a help page on its support website, offering customers more details about the hack. Apple says it’s going to list the top 25 most popular apps impacted by XcodeGhost and contact affected users.
“We’re not aware of personally identifiable customer data being impacted and the code also did not have the ability to request customer credentials to gain iCloud and other service passwords,” Apple says in the FAQ section. “Malicious code could only have been able to deliver some general information such as the apps and general system information.”
Naturally, for added peace of mind, you can change iCloud passwords, especially if you have downloaded malicious apps.
“Customers will be receiving more information letting them know if they’ve downloaded an app/apps that could have been compromised,” Apple added. “Once a developer updates their app, that will fix the issue on the user’s device once they apply that update.”
On top of that, Apple is blocking new apps that contain malicious code from getting into the App Store, and it’s working with developers to make sure they use genuine Xcode software rather than the counterfeit version found on Chinese servers to build apps.