An iOS game called Simply Find It, when run through BitDefender’s virus scanner, reportedly returns a positive result for Trojan.JS.iframe.BKD. This has called into question the effectiveness of Apple’s App Store approval process. Is this something that Apple should have caught, and is it something App Store customers should be worried about?
Macworld’s Lex Friedman explains what BitDefender encountered: Simply Find It's IPA (iPhone application archive) file contains an mp3 audio file, which in turn contains an HTML iframe tag that points to x.asom.cn. Normally an iframe might be used on a website to embed a frame that loads another page. These iframe tags can also be abused to try to load malicious code in a webpage without users noticing. Currently, if you try to access x.asom.cn, the page is not available. Using the archive.org Wayback Machine, you can see that the last time the site hosted any content was back in July of 2010. At that time, the Chinese page just had a message telling users that its free URL forwarding service had been discontinued. Going back further in the site’s history, we can see that it used to redirect to a handful of different URLs, primarily http://126.96.36.199/jc/img/love/new.htm, which now returns a 404. It's anybody’s guess what this site ever actually hosted.
Microsoft’s Malware Protection Center page provides some additional details about the virus that BitDefender detected. The symptoms section of the page explains that antivirus alerts can be triggered by iframes in webpages, which are only a symptom of the virus, not an actual detection that the virus itself is present. This helps explain why BitDefender detected this virus in the IPA, as well as why other virus scanners didn’t detect it; it’s not actually the virus.
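To triage an alert like this, you can look for the iframe tag directly in the app's bundled files. The Python below is an added example, not code from the article, Macworld or BitDefender; it treats the IPA as a zip archive, and the sample archive, its file names and the placement of the tag after the audio bytes are constructed for illustration.

```python
import io
import re
import zipfile
from urllib.parse import urlparse

# Extensions where an <iframe> tag is expected and not worth flagging.
MARKUP_EXTS = (".html", ".htm", ".js", ".xml", ".plist")
IFRAME_RE = re.compile(rb"<iframe\b[^>]*?\bsrc\s*=\s*[\"']?([^\"'\s>]+)", re.IGNORECASE)


def find_embedded_iframes(ipa_bytes):
    """Return (member name, byte offset, src URL, host) for each iframe tag
    found inside a non-markup file of the archive."""
    findings = []
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as archive:
        for info in archive.infolist():
            if info.is_dir() or info.filename.lower().endswith(MARKUP_EXTS):
                continue
            data = archive.read(info)
            for match in IFRAME_RE.finditer(data):
                src = match.group(1).decode("latin-1")
                host = urlparse(src).hostname or ""
                findings.append((info.filename, match.start(), src, host))
    return findings


def build_sample_ipa():
    """Constructed sample: a tiny archive laid out like an IPA, with a fake
    mp3 that has an iframe tag after its audio bytes (placement assumed)."""
    fake_audio = b"ID3\x03\x00\x00\x00\x00\x00\x0a" + b"\xff\xfb\x90\x00" * 64
    tag = b'<iframe src="http://x.asom.cn"></iframe>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as archive:
        archive.writestr("Payload/Sample.app/Info.plist", b"<plist></plist>")
        archive.writestr("Payload/Sample.app/clean.mp3", fake_audio)
        archive.writestr("Payload/Sample.app/music.mp3", fake_audio + tag)
        archive.writestr("Payload/Sample.app/help.html", b"<iframe src='about:blank'>")
    return buf.getvalue()


if __name__ == "__main__":
    for name, offset, src, host in find_embedded_iframes(build_sample_ipa()):
        print(f"{name}: iframe at byte {offset} -> {src} (host {host})")
```

A hit only shows that the tag's bytes are present in the file; the extracted host is what you would then check against history such as the Wayback Machine, as the article does.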
So we have an app, that has an mp3, that has an iframe, that loads a webpage that does not exist. I think it’s safe to say that this app poses no actual threat to anybody currently. But why did this slip through Apple’s review process? Shouldn’t they have detected this?
No. Any app can load a webpage. A webpage can’t (usually) download and run code. Exploits have been found in iOS before that allowed remote code execution from a webpage, and these have been used in the past for jailbreaking. This type of exploit is fairly rare though, and no public exploits of this nature are currently known. Additionally, each iOS app runs in its own sandbox, confined to its own sort of play area. If a new exploit were discovered that allowed code execution from a webpage, it would likely require a second exploit that allowed it to break out of its sandbox in order to gain access to other data on the device. There’s no reason to believe that the Simply Find It game does or will do this.
While it’s certainly strange to see an app from the App Store return a positive result in a virus scanner, looking a little closer at things here, there’s no cause for alarm and no real reason to think Apple missed something that they should have caught. If anything, this app might suggest that this mp3 was once on a computer that had a virus that modified it. Apple’s App Store review process has always been a mystery. Apps with the ability to run unsigned code have made it into the App Store before and I’m sure they will again.
For today, however, there's no threat and no cause for additional alarm. For today, the App Store is as safe as it was yesterday.