View all newsletters
Receive our newsletter - data, insights and analysis delivered to you
  1. Technology
  2. Cybersecurity
November 5, 2015

3000 Apple App Store Apps vulnerable to hackers

News: Research found an ad library was a potential backdoor for attackers

By Charlotte Henry

Thousands of iOS apps from the Apple App Store have a potentially "backdoored" version of an ad library that could allow hackers access sensitive data and functions on a device. In total 2,846 are affected.

Malicious functionality could be remotely controlled via JavaScript code on a remote server device.

Potential actions that could have been performed include capturing audio and screenshots, monitoring and uploading the devices location, and opening URL schemes to identify and launch other apps on the device.

Cybersecurity firm FireEye says that attackers could modify files in the app’s data container, and alter the app’s keychain, as well as prompting users to install non-App Store apps.

In a blog post, the researchers say: "While we have not observed the ad server deliver any malicious commands intended to trigger the most sensitive capabilities such as recording audio or stealing sensitive data, affected apps periodically contact the server to check for new JavaScript code."

The fear is that malicious JavaScript code that opens the potential backdoors could be downloaded and executed. By November 4th, FireEye had noted over 900 attempts to contact a server that could deliver the code and control the backdoors.

FireEye has contacted Apple about its findings.

Content from our partners
Rethinking cloud: challenging assumptions, learning lessons
DTX Manchester welcomes leading tech talent from across the region and beyond
The hidden complexities of deploying AI in your business

Websites in our network
Select and enter your corporate email address Tech Monitor's research, insight and analysis examines the frontiers of digital transformation to help tech leaders navigate the future. Our Changelog newsletter delivers our best work to your inbox every week.
  • CIO
  • CTO
  • CISO
  • CSO
  • CFO
  • CDO
  • CEO
  • Architect Founder
  • MD
  • Director
  • Manager
  • Other
Visit our privacy policy for more information about our services, how Progressive Media Investments may use, process and share your personal data, including information on your rights in respect of your personal data and how you can unsubscribe from future marketing communications. Our services are intended for corporate subscribers and you warrant that the email address submitted is your corporate email address.