1/14/2024 0 Comments Malware apple xcodeAs another example, the XcodeGhost malware can read and write data in the user's clipboard, which would allow it to snatch a password. Some iOS password manager apps use the system clipboard to paste passwords into the login dialog. For example, this could be used to force automatic phone calls to premium phone numbers, which can charge up to $1 per minute in some cases. This isn't limited to HTTP and FTP URLs, but includes local URLs, such as itunes:// and twitter:// that iOS can be used for inter-app communications. URLs can be sent to the iOS device and opened. This phishing exploit could convince a user to enter sensitive information as long as the dialog was consistent with the app. Though first considered benign like the Android Stagefright exploit, Xiao says it's more dangerous than it seems.īased on the details in Palo Alto Networks' analysis, XcodeGhost can be used to create a prompt for the user's credentials or other sensitive information. Recent developments indicate that this malware isn't limited to China, as reported earlier by TechCrunch, though evidence indicates that the malware originated there. Wired reported that Apple had removed over 300 apps contaminated with XcodeGhost. The company didn't disclose the specific iOS vulnerabilities exposed by the XcodeGhost malware and didn't indicate how its iPhone users were affected, but Palo Alto Networks security analyst Claude Xiao reported that XcodeGhost had been used to phish for iCloud passwords. Apple did not report many details when it confirmed the XcodeGhost malware that had infiltrated the iOS App Store.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |