XcodeGhost: Was Apple negligent?
Stop the presses! The venerable Apple App Store has been compromised! Yes, it’s shocking news. No, it’s not the end of the world. Don’t label me an Apple apologist, but there are some things to be said in its defense. And more importantly, there are some things to be learned from this event, both by Apple and others.
Certainly a good number of apps (4,000 or so, by some counts) on Apple’s App Store were infected with what has come to be known as the XcodeGhost malware. Plenty has already been written about this, but the TL;DR version is this: A version of Xcode was compromised and distributed online to legitimate Chinese app developers. They unknowingly introduced the malware into the Apple App Store via their apps. The malware, once run on a consumer’s iOS device, communicated with the attackers and was capable of, among other things, robbing a user of private information, including login credentials.