[Abstract] After the exposure of the backdoor vulnerability, it should be recognized that Apple phones are not always secure.
Tencent Technology's Liang Chen reported on September 21st
In the public's impression, a closed ecosystem and a strict review system give Apple devices what looks like a natural barrier against security crises. In fact, Apple's security defenses are more fragile than imagined.
In 2013, the domestic white hat team KeenTeam needed less than 30 seconds to remotely break iOS 7.0.3, Apple's latest operating system at the time, and obtain a picture from the phone. At a hacker conference held in New York in 2014, security expert Jonathan Zdziarski showed how "back door" services running in the iOS background could be used to extract large amounts of data from an iPhone.
Security practitioners have again and again used Apple as the best proof of their technical skill, but for ordinary users the most recent concern dates from September 18th. That day, the vulnerability reporting platform WooYun and the Silicon Valley security company Palo Alto both released security warnings: apps on Apple's App Store, such as NetEase Cloud Music, had been injected with third-party malicious code, and user information may have been leaked.
iOS developers and the security industry began looking for affected apps. Tencent's security emergency response center disclosed that it has found 76 infected apps in the App Store.
Twitter user @fannheywrd (micro iOS creators love user development supervisor) claimed that the affected apps include the 12306 train ticket app and CITIC Bank's Card Space app. For a time, all kinds of security explanations and reminders spread across the network, and Cheetah Mobile security experts even reminded users to consider changing their passwords and payment methods.
Things took a turn for the better on the morning of the 19th. An account named "XcodeGhostSource" on the code hosting website GitHub published a so-called clarification about "XcodeGhost". The article said that the malicious code came from a personal experiment, and that the server had been shut down 10 days earlier and all data deleted in order to eliminate the impact. However, Tencent Technology found on browsing that the account was newly registered, with a registration date of September 19, 2015.
Insiders told Tencent Technology that the author does not want his identity to be known to the outside world. Because of this, the authenticity of the clarification statement sparked heated debate. However, the statement has been forwarded by a number of experts in the security field.
However, the crisis has not yet been lifted. Insiders recalled that Ken Thompson, the father of Unix, said in his Turing Award speech that he had planted a "back door" in the C compiler used to compile Unix code.