[Abstract] the developer uses the unofficial channel to download the Xcode compiled application is injected into the third party code.
technology news in September 18th, according to the cloud network and Silicon Valley security company Palo Alto issued a safety warning that, in the App Store shelves NetEase cloud music multiple applications into the Xcode third party malicious code, sends the user information to the virus author server.
cloud network said that developers use Xcode non official channels to download the compiler tools, LED applications developed into the third party code, will take the initiative to the basic information of a web site and application system. NetEase v2.8.3 latest version of cloud music has been infected with the virus.
Twitter users broke the news that, in addition to the impact of NetEase cloud music, but also includes 12306, CITIC Bank card space, such as the application of the motion of the. @fannheyward love iOS development director micro imagination.
at present, the third party malicious code pointed to the malicious site init.icloud-analysis.com has been closed, it is understood that the domain name for the author of the virus for the collection of data information.
cheetah mobile security expert Li Tiejun told Tencent technology, which is the transformation of the crisis caused by the development tools. Since the virus will be collected including time, bundle ID (Bao Ming), application name, system version, language, country, etc., and upload, so to some extent will reveal privacy.
, however, due to the limitations of Apple’s own rights is relatively strict, the disclosure of such information is relatively speaking, the threat is not serious, and users do not worry too much account security.
Li Tiejun said that the only way to solve the problem is that we can only wait for developers to re install the new package replacement. For users, you can choose to uninstall the application, or wait for updates.
why on the Xcode implanted malicious code, Li Tiejun said, black hope to collect user information in order to advertising, the latter there is room for interest. Due to the limitations of apple more, more stringent review, the common model can not run, so only from the development of breakthrough. Although there is limited personal information, but there is still business value. The so-called black production, is to rely on the collection of personal information, a group of people to sell personal information for profit.
is the following warning warning issued by the cloud network:
untrusted download source Xcode contains malicious code early warning (APP has been affected by the enterprise
on the morning of September 17th, micro-blog users @JoeyBlue_ exposure that there are developers with an unofficial channel to download the Xcode compiled applications are injected into the third party code, to a