A new piece of iOS and OS X malware dubbed XcodeGhost was recently discovered, putting a hitch in the iOS 9 rollout and a dent in the App Store's reputation for safety.
Apple's strict quality control seems to have failed here, but the company has moved quickly to resolve the issue by purging the affected apps.
This, however, doesn’t mean you should rest easy and let Apple do all the work. Where malware is concerned, you’ll need to be vigilant and make sure it doesn’t ensnare you in its tight, malicious grip.
What is XcodeGhost?
The exploit was made public by security researchers at Palo Alto Networks. It allows a hacker to spy on your device or steal your password. Your personal and device information could be in danger, Mashable reports, "including your Apple ID and iCloud password, the contents of your device's clipboard and your device’s name, type and UUID (universally unique identifier)."
What's the damage?
Affected apps include WeChat, Angry Birds 2 (Chinese version), Chinese ride-sharing app Didi Chuxing, train ticket app Railway 12306 and PDF scanning app CamScanner Pro. Lookout, a mobile security app, is actively updating this list of infected apps. Check it out for the latest information.
Even if you weren't affected in this latest malware attack, stay vigilant with the following tips to keep your iPhone safe.
Step 1: delete affected apps immediately
If you've downloaded any of these apps, Lookout advises you to delete them immediately (unless an update is available) and reset your iCloud password. WeChat has been updated and the new version has removed the malicious code.
Step 2: turn on two-factor authentication
If you haven't already turned on two-factor authentication, now might be a good time. The added security prevents hackers from accessing your account with a stolen password alone, since signing in also requires a randomly generated one-time password that is sent to your mobile number.
Step 3: use anti-malware apps
If you were running iOS 8 and downloaded the Lookout app, you would have gotten an alert about any infected apps on your device. Consider installing the app to stay up to date on future malware attacks. iOS 9 users would not have received an alert, due to the limitations of the new operating system.
Apple has been famously intolerant of anti-malware apps. It cracked down on them a few months ago, but Lookout seems to have survived the cull. The same goes for the McAfee Mobile Security app, another option to check out.
Step 4: download and update apps only from the App Store
It’s somewhat ironic to say this, since the affected apps were available on the App Store before the purge. That said, everyday users can stay (relatively) safe by sticking to the App Store. Apps from the App Store have gone through Apple's quality control process. The App Store review guidelines say, "Apps that require users to share personal information, such as email address and date of birth, in order to function will be rejected."
Make it a point to keep your apps updated. At the very least, the apps will be more stable after going through rounds of updates.
Step 5: update to the latest iOS version
It also helps to stay up to date with iOS. Sticking with an older version means your device won't have the latest security updates or features. iOS 9 is already available, so if you haven't updated your iDevice yet, go download it now.