苹果应用商店遭遇恶意软件攻击事件始末

Apple has owned up to a rare incursion of malicious software into its App Store, forcing it to pull some of the most widely used mobile apps in China from the service.

苹果(Apple)承认其应用商店(App Store)遭遇罕见的恶意软件攻击，迫使它撤下了一些在中国被广为使用的移动应用。

Late on Sunday in California, the iPhone and iPad maker confirmed reports by security researchers who had warned that a swathe of popular Chinese apps had been created using developer tools that were infected with the malware, resulting in the compromised apps.

上周日晚，这家iPhone和iPad的生产商在加州证实了安全研究人员报告中的说法，这些研究人员警告称，一大批热门的中国应用是用被恶意软件感染的开发工具创建的，结果导致这些应用被攻陷。

“Hundreds of millions” of users of the popular Chinese apps were at risk of having their personal data exposed, including people who use Tencent’s WeChat mobile messaging service and ride-hailing app Didi Kuaidi, according to Palo Alto Networks, a US cyber security company.

美国网络安全公司Palo Alto Networks称，一些热门中国应用的“数亿”用户的个人数据可能被泄露，包括使用腾讯(Tencent)微信(WeChat)和打车应用滴滴快的(Didi Kuaidi)的用户。

Apple said it had removed the infected apps, which had been created with what it said was a fake version of its software for app developers, known as Xcode.

苹果表示，它已移除被感染的应用，这些应用是开发人员用假冒版的Xcode软件创建的。

It did not explain how developers of a large number of China’s most widely used mobile services had all been infected with the same piece of malware, or how the infected apps that resulted had got through its security screening for the App Store.

苹果没有解释大批中国热门应用的开发人员是如何被同一款恶意软件攻陷的，也没有透露被感染的应用是如何通过苹果应用商店的安全审查的。

“To protect our customers, we’ve removed the apps from the App Store that we know have been created with this counterfeit software and we are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps,” Apple said.

苹果表示：“为了保护我们的客户，我们已从应用商店移除那些我们知道是用假冒软件创建的应用，我们正与开发人员合作，确保他们在使用正版Xcode重建他们的应用。”

The admission is a black eye for the US company, which has made much of its superior security track record in mobile apps compared with that of Google.

这番承认对苹果而言是个打击。苹果移动应用的安全记录在很大程度上优于谷歌(Google)的应用。

Palo Alto Networks said in a blog post on Friday that it had found 39 apps in Apple’s App Store that had been created with the infected developer software, which has been dubbed XcodeGhost. Along with WeChat and Didi Kuaidi, the compromised apps include ones for games, banking, stock trading, maps, social networks, and mobile phone services, it added.

Palo Alto Networks在上周五发布的一篇博文中表示，它已在苹果应用商店发现有39款应用是用被感染的开发软件创建的，这种软件被称为XcodeGhost。Palo Alto Networks补充称，除了微信和滴滴快的，被攻陷的应用还包括游戏、银行、股票交易、地图、社交网络和手机服务等应用。

Tencent said in a statement on social networking service Sina Weibo that it had replaced the compromised version of its app. It also said that users had not lost personal information or other property because of the infection.

腾讯在新浪微博上的一份声明中表示，最新版本微信已经解决此问题，目前尚没有发现用户会因此造成信息或者财产的直接损失。