Still, with Apple's lack of transparency regarding how it validates the safety of files added to the App Store, there's at least minor cause for concern. Since the app doesn't attempt to abuse that MP3, and since the URL embedded in the MP3 isn't currently active, then our sources are right: There's no current threat to users from this particular app. It's a game that appears to have unintentionally embedded a corrupted MP3. But if Apple is merely scanning files it considers risky, the company may need to check more files for rogue code.

Again, though, that's not what's happening with Simply Find It. If Apple does run each app and test it for such activity, it's well-equipped to detect such behavior. A malware link that never runs isn't a threat, and there are very legitimate ways of testing that won't find something like this if it isn't a valid exploit."

All that said, though, "Without any transparency, we don't know," Mogull added.

A developer could technically embed a mechanism within an app to open a compromised file, like day.mp3, and do something untoward with it. "Thus," says Mogull, "we don't know for sure if process worked or not. It's unclear how Apple tests apps, though, since that part of the process is opaque.

"If Apple tested the app by running it in a sandbox and watching the app's activities, that would be more effective than scanning MP3s for malware strings," since testing the app by running it shows what actually happens in real-world use. Security expert (and occasional Macworld contributor) Rich Mogull says that the app is almost certainly harmless. The company sells numerous apps, and sells Simply Find It in the Mac App Store as well, where it is uninfected. Simply Game didn't respond to Macworld's request for comment, though it seems that iframe is embedded in that MP3 file unintentionally.
In theory, though, malware could use a secretly-embedded iframe to load up a maliciously-crafted webpage you didn't intend to visit, and attempt to do various unpleasant things. In this case, the server that iframe points -isn't actually responding at this writing. That's an iframe, HTML code that embeds a remote webpage. But when I opened the MP3 in BBEdit, I found this snippet just at the end of the file: iframe src="" You can play it on your Mac, and it sounds fine. That's a fully functional audio file used in the game. I used Terminal to search the app for "iframe," and found a match in a single file: Payload/SpotDiffHD.app/day.mp3 When you unarchive Simply Find It, you can explore the app's package contents.

(Two other free Mac antivirus apps, iAntivirus and ClamXav, both failed to notice anything amiss with the app.) It's not too much effort to figure out what Bitdefender is detecting in the app, either.

As you may know, iOS apps are distributed as IPA files, which you can unzip using unarchiving apps on your Mac. Bitdefender warns of the presence of Trojan.JS.iframe.BKD in the game.
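
The manual check described above (unzip the IPA, then search for "iframe" in files that should not contain HTML) can be automated. The following is an added example, not code from the article; the extension list, the night.mp3 and help.html entries, and the placeholder URL are constructed for illustration.

```python
import io
import re
import zipfile

# Extensions that should never carry HTML markup (assumed list for this example).
MEDIA_EXTS = (".mp3", ".m4a", ".wav", ".png", ".jpg", ".caf")
# Opening <iframe or <script tags; closing tags are deliberately not matched.
MARKUP = re.compile(rb"<\s*(iframe|script)\b", re.IGNORECASE)


def scan_ipa(ipa_bytes, tail_window=4096):
    """Return findings for media files inside an IPA (a zip) that contain HTML tags.

    Each finding is (member_name, tag, offset, in_tail); in_tail is True when
    the tag sits within the last `tail_window` bytes, i.e. data appended to the file.
    """
    findings = []
    with zipfile.ZipFile(io.BytesIO(ipa_bytes)) as ipa:
        for info in ipa.infolist():
            if info.is_dir() or not info.filename.lower().endswith(MEDIA_EXTS):
                continue
            data = ipa.read(info)
            for m in MARKUP.finditer(data):
                tag = m.group(1).decode("ascii").lower()
                in_tail = m.start() >= max(0, len(data) - tail_window)
                findings.append((info.filename, tag, m.start(), in_tail))
    return findings


def build_sample_ipa():
    """Constructed sample: fake audio bytes with an iframe appended, plus clean files."""
    audio = b"ID3\x03\x00\x00\x00\x00\x00\x00" + b"\xff\xfb\x90\x00" * 5000
    injected = audio + b'<iframe src="http://placeholder.invalid/"></iframe>'
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as z:
        z.writestr("Payload/SpotDiffHD.app/day.mp3", injected)
        z.writestr("Payload/SpotDiffHD.app/night.mp3", audio)
        # HTML files legitimately contain tags, so they are not scanned.
        z.writestr("Payload/SpotDiffHD.app/help.html", b"<iframe src='about:blank'>")
    return buf.getvalue()


if __name__ == "__main__":
    for name, tag, offset, in_tail in scan_ipa(build_sample_ipa()):
        where = "appended at end" if in_tail else "mid-file"
        print(f"{name}: <{tag}> at byte {offset} ({where})")
```

A hit only shows that markup is present in the file; as the article notes, whether it matters depends on whether the app ever hands that file to something that renders HTML.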