Apple execs chose to keep a hack of 128 million iPhones quiet

In September 2015, Apple managers had a dilemma on their hands: should they notify 128 million iPhone users that they had been hit by the worst mass iOS compromise on record? In the end, all the evidence shows that they chose to remain silent.

The mass hack first came to light when researchers found 40 malicious App Store apps, a number that mushroomed to 4,000 as more researchers looked. The apps contained code that was part of a botnet that stole potentially sensitive information from iPhone and iPad users.

An email entered into court last week in Epic Games' lawsuit against Apple shows that on the evening of September 21, 2015, Apple officials had found 2,500 malicious apps that had been downloaded a total of 203 million times by 128 million users, 18 million of them in the US.

“Joz, Tom and Christine – because of the large number of potential customers, do we want to send an email to everyone?” App Store VP Matthew Fischer wrote, referring to Apple's Greg Joswiak, vice president of worldwide marketing, and to Tom Neumayr and Christine Monaghan of Apple PR. The email continued:

If so, Dale Bagwell of our Customer Experience team will be on hand to handle this on our part. Keep in mind that this will create some challenges for email language localizations, as downloads of these apps have been made in numerous App Store storefronts around the world (e.g., we wouldn’t want to send an English email to a customer who downloaded one or more of these apps from the Brazilian App Store, where Brazilian Portuguese would be the appropriate language).

About 10 hours later, Bagwell analyzed the logistics of notifying all 128 million affected users, localizing the notifications to each user’s language, and including the names of each customer’s apps.

Alas, all appearances are that Apple never followed through on its plans. An Apple representative could not show that the email was ever sent. Statements the representative sent on background, meaning I'm not permitted to quote them, indicate that Apple published only this post, which has since been deleted.

The post provides very general information about the malicious app campaign and lists only the 25 most-downloaded apps. “If users have one of these apps, they should update the affected app, which will fix the issue on the user’s device,” the post says. “If the app is available on [the] App Store, it has been updated; if it isn’t available, it should be updated very soon.”

The infections were the result of legitimate developers writing apps using a counterfeit copy of Xcode, Apple’s tool for developing iOS and OS X applications. The repackaged tool, named XcodeGhost, secretly inserted malicious code alongside normal application functions.

From there, the apps caused iPhones to report to a command-and-control server and provide various information about the device, including the name of the infected app, the app bundle identifier, network information, the device’s “identifierForVendor” details, and the device name, type, and unique identifier.

XcodeGhost billed itself as faster to download in China than the Xcode available from Apple. To run the counterfeit version, developers would have had to click through a warning delivered by Gatekeeper, the macOS security feature that requires applications to be digitally signed by a known developer.

The lack of follow-through is disappointing. Apple has long prioritized the security of the devices it sells. It has also made privacy a focus of its products. Informing the victims of this lapse directly would have been a good idea. We already knew that Google usually doesn’t notify users when they download malicious Android apps or Chrome extensions. We now know that Apple has done the same.

The email was not the only one that showed Apple executives working through security problems. In a separate one from 2013, Phil Schiller sent Apple colleagues and others a copy of the Ars article headlined “Seemingly benevolent ‘Jekyll’ app passes Apple review, then ‘becomes nasty’”
