蘋果應用商店遭遇惡意軟件攻擊事件始末
Apple has owned up to a rare incursion of malicious software into its App Store, forcing it to pull some of the most widely used mobile apps in China from the service.
蘋果(Apple)承認其應用商店(App Store)遭遇罕見的惡意軟件攻擊,迫使它撤下了一些在中國被廣爲使用的移動應用。
Late on Sunday in California, the iPhone and iPad maker confirmed reports by security researchers who had warned that a swathe of popular Chinese apps had been created using developer tools that were infected with the malware, resulting in the compromised apps.
上週日晚,這家iPhone和iPad的生產商在加州證實了安全研究人員報告中的說法,這些研究人員警告稱,一大批熱門的中國應用是用被惡意軟件感染的開發工具創建的,結果導致這些應用被攻陷。
“Hundreds of millions” of users of the popular Chinese apps were at risk of having their personal data exposed, including people who use Tencent’s WeChat mobile messaging service and ride-hailing app Didi Kuaidi, according to Palo Alto Networks, a US cyber security company.
美國網絡安全公司Palo Alto Networks稱,一些熱門中國應用的“數億”用戶的個人數據可能被泄露,包括使用騰訊(Tencent)微信(WeChat)和打車應用滴滴快的(Didi Kuaidi)的用戶。
Apple said it had removed the infected apps, which had been created with what it said was a fake version of its software for app developers, known as Xcode.
蘋果表示,它已移除被感染的應用,這些應用是開發人員用假冒版的Xcode軟件創建的。
It did not explain how developers of a large number of China’s most widely used mobile services had all been infected with the same piece of malware, or how the infected apps that resulted had got through its security screening for the App Store.
蘋果沒有解釋大批中國熱門應用的開發人員是如何被同一款惡意軟件攻陷的,也沒有透露被感染的應用是如何通過蘋果應用商店的安全審查的。
“To protect our customers, we’ve removed the apps from the App Store that we know have been created with this counterfeit software and we are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps,” Apple said.
蘋果表示:“爲了保護我們的客戶,我們已從應用商店移除那些我們知道是用假冒軟件創建的應用,我們正與開發人員合作,確保他們在使用正版Xcode重建他們的應用。”
The admission is a black eye for the US company, which has made much of its superior security track record in mobile apps compared with that of Google.
這番承認對蘋果而言是個打擊。蘋果移動應用的安全記錄在很大程度上優於谷歌(Google)的應用。
Palo Alto Networks said in a blog post on Friday that it had found 39 apps in Apple’s App Store that had been created with the infected developer software, which has been dubbed XcodeGhost. Along with WeChat and Didi Kuaidi, the compromised apps include ones for games, banking, stock trading, maps, social networks, and mobile phone services, it added.
Palo Alto Networks在上週五發布的一篇博文中表示,它已在蘋果應用商店發現有39款應用是用被感染的開發軟件創建的,這種軟件被稱爲XcodeGhost。Palo Alto Networks補充稱,除了微信和滴滴快的,被攻陷的應用還包括遊戲、銀行、股票交易、地圖、社交網絡和手機服務等應用。
Tencent said in a statement on social networking service Sina Weibo that it had replaced the compromised version of its app. It also said that users had not lost personal information or other property because of the infection.
騰訊在新浪微博上的一份聲明中表示,最新版本微信已經解決此問題,目前尚沒有發現用戶會因此造成信息或者財產的直接損失。
