Apple posts XcodeGhost Q&A, lists affected apps

Apple has posted a Q&A on XcodeGhost, the counterfeit software development kit that was used to create malicious apps that were able to be released on the App Store. As expected, the Q&A emphasizes that the problem was created by developers downloading iOS software development tools from third-party sites, rather than Apple’s, but also interestingly notes that OS X protections that Apple has put in place — such as Gatekeeper — had to be “deliberately disabled by the developer for something like XcodeGhost to successfully install.” The Q&A also notes that Apple has no reason to believe that the code was ever actually used to do anything malicious, or that any personally identifiable information could have been transmitted, and that it “did not have the ability to request customer credentials to gain iCloud and other service passwords” as some other reports had suggested.
Apple’s document also identifies the top 25 apps that were created with the counterfeit XcodeGhost SDK, and while most apps are relatively obscure, WeChat is a popular app that appears on the list. As we suspected, earlier reports that the popular “Angry Birds 2” was impacted also appear to be incorrect, as the app included on this list appears to be a clone or localized version of Angry Birds titled “Angry Bird 2 – Yifeng Li’s Favorite”, which Apple notes is no longer available on the App Store at all. Most of the other apps have reappeared on the App Store in clean form, so affected users can safely update to these versions. Apple notes that “after the top 25 impacted apps, the number of impacted users drops significantly”, but that it does plan to update the page with more information as it becomes available.