Hundreds of malicious apps have reportedly flooded onto Apple's App Store in
the largest-scale breach ever to hit iOS.
Apple scrambled to delete the bogus iPhone and iPad software after being
alerted to the problem by numerous security firms.
Apps loaded with a malicious string of code dubbed XcodeGhost were able to pass
under the radar after hackers tricked unsuspecting developers into using a
counterfeit version of Apple's software for developing iOS and Mac programmes.
The tainted version of Xcode is believed to have originated from a server in
China, which Apple developers chose because it offers faster downloads than
Apple's US-based alternative.
"We've removed the apps from the App Store that we know have been created with
this counterfeit software," Apple spokeswoman Christine Monaghan told Reuters.
"We are working with the developers to make sure they're using the proper
version of Xcode to rebuild their apps."
Apple did not reveal how users can check whether they have been inflected or
confirm how many malicious apps it has removed.
However, Chinese security firm Qihoo360 Technology claims in a blog post that
it has discovered 344 App Store apps carrying XcodeGhost.
