Update 1: The list of apps has now been updated with apps identified by Dutch security company Fox-IT. The company is reporting seeing malware traffic from the apps in Europe.
Update 2: Rovio has advised that only the version of Angry Birds 2 in the Chinese App Store was affected.
I wish to clarify that Rovio can confirm that only the Chinese build of Angry Birds 2 — available only on the App Store in Mainland China, Taiwan, Hong Kong and Macau — is vulnerable to the security issue. All other builds of Angry Birds 2 available in other countries are completely safe and secure. An update of Angry Birds 2 for customers in Mainland China, Taiwan, Hong Kong and Macau that fixes the issue is coming very shortly.
After yesterday’s revelation that hundreds of iOS apps on the App Store had been infected by malware, security company Palo Alto Networks has posted a list of some of the affected apps – which include Angry Birds 2.
The apps were infected by a fake copy of Xcode dubbed XcodeGhost, unwittingly downloaded by Chinese developers in place of the real thing. It’s believed they downloaded the fake from local servers because it took too long to download the original from Apple’s own servers. It’s not yet known why Apple’s own checks did not detect the malware when apps were submitted to the App Store.
It’s been suggested that over 300 apps are infected, with 31 of them so far identified (list below) …
- Angry Birds 2
- CamCard
- CamScanner
- Card Safe
- China Unicom Mobile Office
- CITIC Bank move card space
- Didi Chuxing, developed by Uber’s biggest rival in China, Didi Kuaidi
- Eyes Wide
- Flush
- Freedom Battle
- High German map
- Himalayan
- Hot stock market
- I called MT
- I called MT 2
- IFlyTek input
- Jane book
- Lazy weekend
- Lifesmart
- Mara Mara
- Marital bed
- Medicine to force
- Micro Channel
- Microblogging camera
- NetEase
- OPlayer
- Pocket billing
- Poor tour
- Quick asked the doctor
- Railway 12306, the only official app used for buying train tickets in China
- SegmentFault
- Stocks open class
- Telephone attribution assistant
- The driver drops
- The Kitchen
- Three new board
- Watercress reading
Although it’s unclear whether U.S. and European app stores have been affected, the safest course if you have any of the apps installed is to delete them and then download again from the App Store as and when available. Apple says that it has removed all the infected versions and is working with developers to get clean versions uploaded in their place.
Interestingly, a Snowden leak from the CIA’s internal wiki system suggested that the agency had considered using a modified version of Xcode as an attack vector.
Via Business Insider
Angry Birds is still available
Because everyone, including the developer who downloaded the compromised Xcode, believed that the DMG file had some checksum method to ensure the apps are signed — there is Gatekeeper in OS X, which is designed to protect them from unsigned binaries.
And Apple did not provide an MD5 or SHA1 result when you downloaded Xcode 7 beta from the developer web page.
The HTTP link for the download is not secure. They should use HTTPS instead, or the company could be targeted by a MITM attack.
The most important reason is they assumed the OS X platform is secure and that all software is basically not injected with malware.
They should be more careful in the first place.
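The check the comment above is asking for, as an added example that is not code from the article or from the commenter: a POSIX shell script that pins a SHA-256 for a downloaded installer, refuses to proceed on a mismatch, and rejects plain-HTTP download URLs. The file content and the expected digest are constructed for the demo (the string "abc" and its well-known SHA-256 test-vector value); the file name and URLs are placeholders. In practice the pinned digest would have to come from the vendor over an authenticated channel, which is exactly what the commenter says was missing at the time.

```shell
#!/bin/sh
# Added example, not from the article or the commenter. Verifies a downloaded
# installer against a pinned SHA-256 and rejects non-HTTPS download links.
# The sample file and digest below are constructed for demonstration.

# Compute the SHA-256 of a file, portable across coreutils (sha256sum)
# and BSD/macOS (shasum).
sha256_of() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | awk '{print $1}'
    else
        shasum -a 256 "$1" | awk '{print $1}'
    fi
}

# verify_download FILE EXPECTED_SHA256
# Returns 0 when the file's digest matches the pinned value, 1 otherwise.
# Normalises the expected digest to lower case so a copy-pasted upper-case
# hash still compares correctly.
verify_download() {
    file=$1
    expected=$(printf '%s' "$2" | tr 'A-F' 'a-f')
    actual=$(sha256_of "$file")
    if [ "$actual" = "$expected" ]; then
        echo "OK: $file matches pinned SHA-256"
        return 0
    fi
    echo "MISMATCH: $file (do not install)" >&2
    echo "  expected $expected" >&2
    echo "  actual   $actual" >&2
    return 1
}

# url_is_https URL
# Returns 0 only for https:// links; a plain-HTTP installer download is the
# MITM exposure the comment describes.
url_is_https() {
    case "$1" in
        https://*) return 0 ;;
        *) return 1 ;;
    esac
}

# Demo on a constructed file standing in for an installer image.
demo() {
    url="https://developer.example.invalid/Xcode_7.dmg"   # placeholder URL
    if ! url_is_https "$url"; then
        echo "refusing non-HTTPS download: $url" >&2
        return 1
    fi
    tmp=$(mktemp)
    printf 'abc' > "$tmp"   # constructed content, not a real installer
    # Pinned digest: SHA-256("abc"), the standard test vector.
    verify_download "$tmp" ba7816bf8f01cfea414140de5dae2223b00361a396177a9cb410ff61f20015ad
    rm -f "$tmp"
}

demo
```

A digest check only proves the file is the one whose hash you pinned; on macOS the complementary step is to verify the installed app's code signature with `spctl --assess --verbose /Applications/Xcode.app`, which catches a repackaged Xcode even when no reference hash was published.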
Yeah, last update was 9/14 – Listed as an Editor’s Choice
Wondering why Apple didn’t pull it down. If it disappears today, we will know it is bad, if not, I wonder if it is fine.
The app has already been fixed. The available version is not affected.
I downloaded AB2 on July 30 – was the hacked Xcode already out back then?
Be safe, erase and re-download.
If you downloaded it from the Chinese app store, yes.
Did you download the Chinese version? No? Then you have nothing to worry about.
Terrible breach of security, Apple is probably going to rewrite Xcode to keep from getting burned like this again.
Though, as always with Apple breaches, I am pleased with how quickly and how well they have responded to it. If they have the ability to remotely kill apps, like I think they do, this is the time to use it.
Rewriting Xcode would not prevent this from happening.
No, there are ways Apple could remotely verify the integrity of the copy of Xcode used to compile a given app. Some implementation of a checksum of Xcode components, etc.
The change in the submission process to bitcode rather than fully-compiled binaries should greatly help in identifying problems, too.
This wasn’t a problem with Xcode, it was an issue with developers downloading the compromised version of Xcode from a site other than Apple and using it to write their apps.
I know. But Apple is going to take this infiltration personally, I’ll bet. There’s going to be some kind of safe guard to prevent this from being possible in the future.
The real question is along with Apple, why did the companies all get screwed over? Did they not check their crap to make sure they got a real version of Xcode?
Apple maybe should have caught it, but the companies that were breached for sure should have caught it.
Apple has done really well to avoid such attacks on the App Store. Even though the App Store has over 1.2 million apps, it’s a really small number of apps that have. A bit disappointed really.. I have always criticised Android for its high security breaches. I think I will be avoiding a few of my friends for a couple of days. Lol
It’s not about the number, it’s about high-profile devs like the people behind AB2, WeChat etc. not using signed software and not downloading directly from Apple. This could be a breach on their end; regardless, heads will be rolling and people will be fired today!
So, I, like many, have Angry Birds 2. I just deleted it. Changing my Apple ID password now. I have two factor authentication enabled, so am I at relatively low risk? Also, having deleted the “infected” app, am I safe once again?
Did you have the Chinese version? Then you didn’t have to worry.
Is it sensible to think that deleting these infected apps will remove the threat from your device? I doubt that. The door has been opened to whatever is now lurching in the depth of the iOS filesystem. I would reset the whole device, starting with new keys.
Apps are sandboxed. That’s not the app’s call, the OS isn’t allowing it to venture outside its walls.
Not exactly true. Sometimes apps will ask for access to other parts of the file system (contacts, location data etc.). The user grants access because they are thinking everything is legit.
That’s completely true. The app has permissions to access other parts of the OS like files and photos UNTIL it’s deleted. Then it loses those rights and is no longer a threat.
Angry Birds 2?! Why would such a high profile software company with one of the highest grossing game series on the App Store, use a pirated copy of Xcode?? In the voice of Yoda: No sense this makes.
Maybe there isn’t an Angry Birds 2… maybe the complete app is a Chinese counterfeit.
Yeah, that and the fact it is still available, I am wondering if it is the real one or not
It’s a Chinese version, not the same one you’ll get from the US or any European store.
Though a Dutch security company is reporting seeing malware traffic from the apps within Europe – see the update above.
Found in Europe because Chinese developers are of course free to list their apps in more than one store, just like other devs. I didn’t mean to imply that malware couldn’t be found outside of the one store, but that Angry Bird specifically in the Chinese app store is a different binary entirely and was compiled and uploaded from China, not from Rovio offices elsewhere like the US/rest of world version.
This is something unacceptable. If Steve Jobs were still alive, someone is gonna get fired, or maybe more.
If Steve Jobs were alive, the cancer would’ve spread to his brain, making him even more egocentred and unbearable.
So basically you.
I hate to break this to you, but Apple under Jobs had its own fair share of scandals and failures (remember “you’re holding it wrong?”)
So, all these “if Steve were here. . .” posts are nonsense.
We remember, and we remember that Jobs came out to point to the fact ALL phones have these issues, not just iPhone. But if you’re going to wrap your legs around it and expect calls to get through, then you’re an idiot.
Ben, you’ve done a bad cut and paste it seems. It’s 39 identified as of the 18th by Palo Alto and more from Fox-It, all referenced in the original post you linked. Also, “Angry Birds 2” is not one of the infected apps, but a local Chinese version is on the list.
So the US Version of Angry Birds 2 is safe?
Yes, it was always safe.
It appears the list is being updated regularly, with new apps as well as translations.
I know – it was last updated FRIDAY however. And I’m the one who posted the updated list here in the comments. Which has been trimmed by an admin to remove the names of the apps.
Angry Birds 2 is mentioned nowhere in the Palo Alto Networks list. Check the link.
The whole list of apps was originally in Mandarin, and is being gradually translated. Angry Birds 2 is there in Mandarin: 愤怒的小鸟2 2.1.1
Is there a separate version of Angry Birds 2 only available in Chinese? Is only the Chinese version infected?
I checked App Store on my iPhone and Angry Birds 2 there doesn’t list Chinese as an available language. However you can find a (clearly) Chinese version of it by googling “ios app store 愤怒的小鸟2”. Which leads to https://itunes.apple.com/sg/app/fen-nu-xiao-niao2-angry-birds/id880047117?l=zh&mt=8
Yes, it’s a different binary entirely.
Why is this the case? Something having to do with China specifically?
Luckily, with the way iOS is designed, the amount of information these cracked apps can get is extremely minimal. They can read your clipboard – that’s probably the worst one, and could potentially be bad if you are copy/pasting passwords – however the other stuff is extremely minor and still requires the user’s permission to access any sensitive data like photos and contacts.
Angry Birds 2 is still in the store!
See the update just posted, Wim.
The US/European version is not infected. It was a Chinese specific version co-branded with someone else that had the issue.
@benlovejoy Seems like it’s the Xcode issue that we learned about from the Snowden leaks. I don’t understand why there’s no mention of this in the press.
e.g. http://www.theverge.com/2015/3/10/8181531/cia-tagets-apple-xcode-encryption
“Documents provided by former NSA contractor Edward Snowden detail a number of initiatives, including an attempt to crack encryption keys implanted into Apple’s mobile processor, and a method compromising Xcode — the Apple tool used to create the vast majority of iOS apps.”
May have just been inspired by that documented vector as it was originally presented in a talk in 2012.
Yes, an interesting thought – I’ll link to http://9to5mac.com/2015/03/10/cia-apple-encryption/
I feel fortunate to have not installed any of these apps.
“I wish to clarify that Rovio can confirm that only the Chinese build of Angry Birds 2 — available only on the App Store in Mainland China, Taiwan, Hong Kong and Macau — is vulnerable to the security issue. All other builds of Angry Birds 2 available in other countries are completely safe and secure. An update of Angry Birds 2 for customers in Mainland China, Taiwan, Hong Kong and Macau that fixes the issue is coming very shortly.”
Whew — Too bad I am too cautious. Changed my Apple ID Password. Which, with 4 Apple TVs, 2 iPads, a few iPods, a few Macs and a couple iPhones all connected to the account?
Is a major PitA
Oh, wow. Don’t ever try to access Apple’s Discussion forums online, then. They have a policy of expiring “old” (6 months?) passwords, but ONLY there. So, you’re happily humming along, with your Apple ID on multiple devices, when you make the mistake of trying to post something in Apple’s support forums. Guess what? You just caused yourself a big headache and waste of time.
Ugh.
Couple things to note here.
1. This is NOTHING like what Android is going through. Android is open to full frontal attacks on individual phones. Plus Apple was able to repair the issue quickly and decisively. So now, there is no issue, unless your phone remains non-updated. Which is something much harder to fix on an Android device.
2. The attack was 99% on Chinese apps, not apps used in other countries. So a far majority of users would never have seen these problems.
Well, I don’t think things are quite as posted here. I have CamCard for example. It is in theory one of the identified apps. I have uninstalled it. However, while it has not been updated since April 2015 it is STILL available on the app store. So either:
– The US version was never infected
– The US version was and still is infected
– The last updated date is wrong
– ???
Dunno.
p.s. Why why why haven’t you updated the title of the post to remove Angry Birds 2 now that it is confirmed that the US version was never infected?
Best guess right now is that only the Chinese App Store was affected, but Apple hasn’t confirmed that, so the safest course remains to delete and reinstall any of the apps listed.