…certainly not according to FireEye, whose researchers tell us that a wide range of industries are still running XcodeGhost-compromised apps, a finding based on their observations of attempts to connect to XcodeGhost's C&C servers. The article includes a link to the 20 most active apps out of 152 monitored.
While some of the infected devices are running iOS 9.x.x, around 70% are running older versions. While I don’t have a problem in principle with encouraging people to upgrade to the latest version (as advocated by FireEye), it’s worth remembering that:
- The first release of a new iOS version sometimes seems to include some security flaws: as with all software updates, sometimes stuff gets broken that worked OK before. That doesn’t mean you shouldn’t upgrade, but it’s a good idea to keep track of early issues and minor updates.
- There are a lot of devices that can’t be updated to 9.x: to the best of my knowledge – I don’t track these things generally – these include iPhones prior to the 4s, versions of the iPod touch prior to the 5th Generation, and 1st Generation iPads.
- System updates don’t fix everything. In fact, FireEye’s article includes a little information on a variant ‘S’ that specifically addresses iOS 9 and is intended to bypass static detection.