Apple Didn’t Notify 128 Million Users of iPhone Hack

Share post:

In 2015, Apple uncovered 2,500 malicious apps downloaded 203 million times by 128 million users, including 18 million from the United States. Apple failed to notify the users.

While Dale Bagwell of Apple’s Customer Experience Team discussed the logistics of notifying all 128 million users, including notifying users in their local languages and specifying the names of the apps for each customer hours after discovering the malicious apps, recent revelations revealed that Apple never sent such emails to affected users. The iOS hack in question was made possible by legitimate developers using a fake development tool called Xcode, which was downloaded from an unofficial source because it was faster and easier. XcodeGhost, a newly packaged tool, secretly inserted malicious data alongside normal app features.

Instead of sending an email to affected users notifying them of the malicious apps, Apple released a now-deleted post that includes general information about malicious app campaigns, while listing only the 25 most frequently downloaded apps in the post. “If users have one of these apps, they should update the affected app which will fix the issue on the user’s device. If the app is available on [the] App Store, it has been updated, if it isn’t available it should be updated very soon.”

While Apple has long prioritized the safety of the product it sells and has made privacy a centerpiece of its product, the lack of follow-up by Apple seems very disappointing.

For more information, read the original story in Arstechnica.


Related articles

Security research team claims to have helped avert a major supply chain attack

JFrog Security Research team continuously scans public repositories such as Docker Hub, NPM, and PyPI to identify malicious...

Phishing attacks on state and local governments surge by 360%

Phishing attacks targeting state and local governments have surged by 360% between May 2023 and May 2024, according...

What is Ticketmaster saying to its customers?

Here's the letter that has been sent out out to Ticketmaster clients that a reader sent to me....

Cyber Security Today, July 8, 2024 – New ransomware group discovered, and summer podcast break starts

A new ransomware group is discovered. Welcome to Cyber Security Today. It's Monday July 8th, 2024. I'm Howard Solomon,...

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways