-
(单词翻译:双击或拖选)
Reporter:
Over 350 iOS apps have been affected1 by the hacking3, including the widly used baidu music, wechat, and ride-haling didi.
The problem starts when some programmers don't use the Xcode program officially supplied by Apple Inc.
Instead, they downloaded Xcode program through other channels, in which has been implanted malicious5 code.
Cai Jingjing is from the Expert Committee of the National Vulnerability Database of Information Security.
多个苹果APP感染恶意代码
He says apps constructed with the verified Xcode may be infected with malware.
"We wrote several simple codes with the infected Xcode, like hello world, and then compiled them into a program. A reverse analysis of the program shows the program is implanted with malicious code."
Cai says once apps developed from the verified Xcode are downloaded into the phone, they will collect the phone's information, such as the name of the device, the network type, and its location.
These private information will then be uploaded to a designated website.
On early Saturday morning, an indentified programmer claimed responsibility for the incident.
He made clarification online, justifying6 his actions as just an experiment, with no aim to spread a virus.
However, Lin Wei, phone security expert, doesn't believe what the programmer says, and suspects him of using the malicious codes for commercial uses.
"We found on September 10 that a massive amount of users had been affected by an app that's very popular domestically. It had been programed with malicious code, and the data had been sent back to the main engine of the virus attacker and finally led to its collapse7. The programmer was a littler fearful, and deleted and withdrew the code."
The case is under further investigation8.
Apple has asked affected programmers to withdrew their infected Apps, and advised them to re-program with official Xcode.
So far, no financial losses have been reported.
Experts suggest iPhone users check their apps and delete infected apps, or at least download the latest version. Meanwhile, users are advised to change their passwords for the App Store and for iCloud.
For CRI, this is Sophie Williams .
点击收听单词发音
1 affected | |
adj.不自然的,假装的 | |
参考例句: |
|
|
2 hack | |
n.劈,砍,出租马车;v.劈,砍,干咳 | |
参考例句: |
|
|
3 hacking | |
n.非法访问计算机系统和数据库的活动 | |
参考例句: |
|
|
4 vetting | |
n.数据检查[核对,核实]v.审查(某人过去的记录、资格等)( vet的现在分词 );调查;检查;诊疗 | |
参考例句: |
|
|
5 malicious | |
adj.有恶意的,心怀恶意的 | |
参考例句: |
|
|
6 justifying | |
证明…有理( justify的现在分词 ); 为…辩护; 对…作出解释; 为…辩解(或辩护) | |
参考例句: |
|
|
7 collapse | |
vi.累倒;昏倒;倒塌;塌陷 | |
参考例句: |
|
|
8 investigation | |
n.调查,调查研究 | |
参考例句: |
|
|