Apple Didn’t Notify 128 Million Users of iPhone Hack

Share post:

In 2015, Apple uncovered 2,500 malicious apps downloaded 203 million times by 128 million users, including 18 million from the United States. Apple failed to notify the users.

While Dale Bagwell of Apple’s Customer Experience Team discussed the logistics of notifying all 128 million users, including notifying users in their local languages and specifying the names of the apps for each customer hours after discovering the malicious apps, recent revelations revealed that Apple never sent such emails to affected users. The iOS hack in question was made possible by legitimate developers using a fake development tool called Xcode, which was downloaded from an unofficial source because it was faster and easier. XcodeGhost, a newly packaged tool, secretly inserted malicious data alongside normal app features.

Instead of sending an email to affected users notifying them of the malicious apps, Apple released a now-deleted post that includes general information about malicious app campaigns, while listing only the 25 most frequently downloaded apps in the post. “If users have one of these apps, they should update the affected app which will fix the issue on the user’s device. If the app is available on [the] App Store, it has been updated, if it isn’t available it should be updated very soon.”

While Apple has long prioritized the safety of the product it sells and has made privacy a centerpiece of its product, the lack of follow-up by Apple seems very disappointing.

For more information, read the original story in Arstechnica.

Featured Tech Jobs


Related articles

Abuse of valid accounts by threat actors hits a high, says IBM

Attackers are finding that obtaining valid credentials is an easier route to achieving their goals, s

Cyber Security Today, Feb. 21, 2024 – A patch warning from ConnectWise, the latest ransomware news, and more

This episode reports on a report comparing business email compromise attacks against ransomware

UK leads takedown of LockBit ransomware gang’s website

The LockBit ransomware gang’s website has been seized, several news agencies reported late Monday. The Reuters news agency and The Register are carrying stories based on a new splash screen that has appeared on the gang’s website. It says, “This site is now under the control of the National Crime Agency of the UK, working

Cyber Security Today, Feb. 19, 2024 – Fake police data breach notification fools Maine’s AG site

This episode reports a recent fake data breach report and two real ones, a man pleads guilty to being involved in malware distribution

Become a member

New, Relevant Tech Stories. Our article selection is done by industry professionals. Our writers summarize them to give you the key takeaways