Updated: AppAdvice has received clarification from Rovio about which builds of Angry Birds 2 were affected by XcodeGhost. According to Joseph Knowles, communications manager for Rovio, it was the Chinese build that was affected:
“Rovio can confirm that the Chinese build of Angry Birds 2, which was available only on the App Store in Mainland China, Taiwan, Hong Kong and Macau, was one of the iOS apps made vulnerable to the security issue. All other builds of Angry Birds 2 available in all other territories are completely safe and secure.
“An update of Angry Birds 2 that fixes the issue for users of the Chinese edition is coming very shortly.”
On Sept. 20, 9to5Mac and others revealed that hundreds of iOS programs on the App Store had been infected with malware. The piece of malicious software, XcodeGhost, was downloaded by Chinese developers in a fake copy of the Xcode programming environment necessary for building binaries for the App Store. Security company Palo Alto Networks has published a list of some of the infected apps, which includes Angry Birds 2. Unfortunately, said list is almost entirely in Chinese, but we have confirmed that it includes Rovio’s popular title as well as WeChat.
According to an earlier report from Palo Alto Networks, this is the sixth malware infection that has made it past Apple’s security checks and onto the App Store. It’s described as the first to be spread via the Xcode compiler itself. More than 300 apps are believed to be infected, which is something Apple has insisted could never happen. So how did the infection take place?
It is believed that Chinese developers unwittingly got the fake copy of Xcode from local servers because those sites offered faster downloads than Apple’s own sources in the United States. The biggest question, though, is why Apple’s security scans didn’t pick up on the malware during the app review process. Apple’s not saying, for pretty obvious reasons. It’s troubling, though, and I hope Apple learns from this and builds stronger procedures to stop this from happening again.
If you have Angry Birds 2, WeChat, or any of the other infected apps on your iPhone, the best thing to do is delete them and then redownload the apps once new versions are available. Apple insists that it has removed all of the infected versions and is working with developers to get clean copies uploaded instead.