A new variant of XcodeGhost has been discovered in the wild, leaving China behind to tackle US companies. In September this year, researchers discovered malware able to infect legitimate Apple iOS applications.
The malicious code, known as XcodeGhost, lurked within at least 4000 legitimate iOS apps offered to the Chinese market, placing millions of users at risk. The malware was able to hijack apps through the developer toolkit Xcode, which is used to develop software for Apple's ecosystem. By adding the code to Xcode packages hosted on third-party websites rather than Apple domains, cybercriminals were able to bypass Apple's stringent security protocols.Read more
The funkily-named bug of the week is GHOST. It's a vulnerability caused by a buffer overflow in a system library that is used in many, if not most, Linux distributions. As it happens, the vulnerability is connected with network names and numbers.
The spooky name comes from the system functions where the vulnerable code was found. An attacker may be able to rig up messages or network requests that crash your program; and with a bit of trial and error, they might be able to trigger that crash in a way that gives them control over your computer. That's known as a Remote Code Execution exploit, similar to the bug recently found in the super-secure Blackphone.Read more