The Apple and Epic Games suit over Fortnite revealed that the XCodeGhost attack back in 2015 affected 128 million users, Ars Technica reported. Apple acknowledged the attack at the time of the incident but did not disclose its extent.
Reports of the XCodeGhost malware emerged six years ago when security researchers found 40 applications in the App Store containing malicious code. This number blew up to 4,000 as more researchers studied the issue.
According to reports, the malicious code caused iPhones and iPads to participate in a botnet with the intention of stealing user information, particularly information that is potentially personal and sensitive.
Then, the legal battle between Epic Games and Apple happened, revealing the extent of the attack. This trial occurred as Epic Games accused Apple of oppressive App Store policies and of monopolizing the App Store and what apps appear on it.
During the trial of the suit filed by Epic Games against Apple, an email presented to the court revealed that Apple executives found 2,500 malicious applications that had been downloaded by 128 million users 203 million times.
The email exchange talked about the intent to send out notifications to affected users, including the logistics of how to notify them. The discussion also mentioned “accurately including the names of the apps for each customer.”
The company was not able to produce evidence that it sent out such emails, but it did publish a now-deleted post warning users of the XCodeGhost malware. The post explained that XCode is a legitimate Apple app development tool.
However, the infections arose due to app developers using a counterfeit version of XCode, dubbed XCodeGhost.
Slash Gear noted that “Apple would later say that they were not aware of any actual use of the exploit, suggesting that users were still safe despite the number of infected apps and potential victims.”
Meanwhile, this is not the first time that the company’s top brass has been interfering with security problems.
In a 2013 article, it was revealed that executives had received reviews about vulnerabilities in the company's static analyzer, which potentially allowed researchers to sneak malicious applications into the App Store. These issues were not revealed to the public until the Ars Technica article in 2013.
These two incidents show that the company has failed to address security issues in the App Store. Epic Games could use this as a weapon to prove that Apple is indeed using its power to control and monopolize the App Store.