Apple is responsible for distributing 500 million copies of Xcodeghost[1] to its users, and Google's Play Store is the #1 vector for malware on Android[2].
I think it's very misleading to put it like that. Xcodeghost came with an infected version of Xcode that was not distributed by Apple.
From Wikipedia: "Security firm Palo Alto Networks surmised that because network speeds were slower in China, developers in the country looked for local copies of the Apple Xcode development environment, and encountered altered versions that had been posted on domestic web sites."
Right, and despite Apple assuring us that it vets each app and developer via its App Store, 500 million copies of the malware were distributed via the App Store to users' devices.
This is the next sentence after your quote[1]:
> This opened the door for the malware to be inserted into high profile apps used on iOS devices.
> Even two months after the initial reports, security firm FireEye reported that hundreds of enterprises were still using infected apps and that XcodeGhost remained "a persistent security risk". The firm also identified a new variant of the malware and dubbed it XcodeGhost S; among the apps that were infected were the popular messaging app WeChat and a Netease app Music 163.
From the same article:
> Removing malicious apps from the App Store
> On September 18, 2015 Apple admitted the existence of the malware and began asking all developers with compromised apps to compile their apps with a clean version of Xcode before submitting them for review again.
Sure, a wikipedia reading can give that impression. What actually happened is that sytems with infected Xcode installations created infected executables. Those infected executables were then uploaded to the App Store. There were known to be thousands of infected executable images.
[1] https://www.vice.com/en/article/n7bbmz/the-fortnite-trial-is...
[2] https://www.zdnet.com/article/play-store-identified-as-main-...
reply