Question about recent "hack" of Apple Apps...

theo

I openly and willingly admit my general state of computer / techno ignorance. I'm wondering if some more technically savvy TUGGER might be able and willing to explain in comprehensible layman terms how malicious code in apps can somehow "get past" Apple when all apps supposedly get "screened" by Apple before becoming "approved" and then openly offered via the Apple Store?

This question is not a knock on Apple. My first smart phone after decades with a flip phone was (...and still is) an Apple 5s. I think the device is wonderful and truly impressive and I tip my cap to Apple. I like the device a lot and should have "converted" sooner.

I've read through the list of (known.....so far, anyhow) "hacked" apps and I don't have or want or use any of them, so my question is not "what happens to me now"?
My question is about internal procedure at Apple. Specifically, how do 80+ (...and counting?) apps containing malicious code (malicious code apparently discovered by others outside of Apple, by the way) manage to escape the notice of whatever Apple techies actually examine that stuff as their job responsibility before an app is subsequently offered through the Apple Store?

I'm just not grasping this at all. :confused::shrug::confused:
 

SmithOp

Apple provides developers with software to create apps, called the Xcode kit. This kit was found to be hacked to add unwanted code to apps developed using the bad version. Once the bad version was found, Apple removed all the apps created using this bad version.

This bad version of the developer kit was distributed inside China; it was a faster way for Chinese developers to download the kit due to the restrictive firewall that the Chinese govt has in place. Downloads from Apple and other US sites are very slow because of the firewall.


Sent from my iPad using the strange new version of Tapatalk
 

bnoble


theo

As for why it was not detected: the code is injected by the compiler, it's not part of the source that is reviewed. These kinds of attacks are very, very hard to find. Indeed, Ken Thompson (the creator of UNIX) talked about a particularly clever version of this at his Turing Award ceremony:

http://delivery.acm.org/10.1145/360..._=1442938808_8bf3fd0150f55fcfe91d0fca6ac19115

Couldn't successfully access the above link, but will try other avenues to see if I can find / view Mr. Thompson's commentary (which I may not comprehend anyhow).
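
An added illustration of the point quoted above (not part of any poster's message, and not real Apple tooling): a toy Python model in which a review that reads only the source passes, while comparing the outputs of two independently obtained toolchains exposes the instruction the source never asked for. Every name and the sample app are constructed for the example.

```python
import hashlib

# Constructed sample: the app source exactly as a reviewer would read it.
APP_SOURCE = ["show_login_screen", "fetch_timeline", "render_feed"]

# Constructed placeholder for whatever a modified toolchain might add.
INJECTED = "extra_routine_added_by_toolchain"


def clean_build(source):
    """Toy 'compiler': emits one output instruction per source line."""
    return [f"CALL {line}" for line in source]


def tampered_build(source):
    """Toy model of a modified toolchain: same translation, plus one
    instruction that no source line requested."""
    return clean_build(source) + [f"CALL {INJECTED}"]


def source_review(source, banned=(INJECTED,)):
    """A review that only reads source: passes if no banned name appears."""
    return not any(name in line for line in source for name in banned)


def digest(artifact):
    """SHA-256 over the built artifact, for build-to-build comparison."""
    return hashlib.sha256("\n".join(artifact).encode()).hexdigest()


def compare_builds(source, build_a, build_b):
    """Build the same source with two toolchains; True if outputs match."""
    return digest(build_a(source)) == digest(build_b(source))


def unexplained_instructions(artifact, source, reference_build=clean_build):
    """Artifact-side check: list instructions that a trusted reference
    build of the same source would not have produced."""
    expected = set(reference_build(source))
    return [ins for ins in artifact if ins not in expected]


if __name__ == "__main__":
    print("source review passes:", source_review(APP_SOURCE))
    print("builds match:", compare_builds(APP_SOURCE, clean_build, tampered_build))
    print("unexplained:", unexplained_instructions(tampered_build(APP_SOURCE), APP_SOURCE))
```

The source is identical in both builds, so any check that looks only at source gives the same answer for each; only a check on the built output, against a toolchain obtained through a trusted channel, shows the difference.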
 
