Unauthorized third parties had tampered the Apple’s Xcode software, a code library used by developers of Mac OS X and iOS applications, and published it on the net.
Some developers downloaded it and used it to create their apps and uploaded the apps on Apple App Store.
These apps could communicate with third parties details of your iOS devices and attempted to phish for iCloud passwords.
Apple removed the tainted apps and started working with the developers to make sure they were using the proper version of Xcode to rebuild their apps.
Source: https://grahamcluley.com/ios-app-xcodeghost-malware/
"id": "APP12520422",
"linkid": "apple",
"type": "Cyber Attack",
"date": "09/2015",
"severity": "100",
"impact": "5",
"explanation": "Attack threatening the organization's existence"