  • Following XcodeGhost Malware Scare, Apple Tells Developers to Use Legitimate Xcode Software Only


    XcodeGhost has been making headlines on Apple news sites for at least the past week. It has been plaguing the App Store, which is accessed by millions of iOS devices each day, and poses a threat to users who download applications from it.

    XcodeGhost is a form of malware that appears to stem from iOS applications built with a counterfeit version of Xcode, which developers in other countries appear to be getting from shady third-party sources because they don't want to wait for the slow download of Xcode directly from Apple. Many applications have been affected, including WeChat and CamCard, both of which are popular.

    As a result of this malware issue, Apple released a statement to developers on Tuesday warning them about the problems with downloading counterfeit copies of Xcode. Apple notes that Xcode should only be downloaded from Apple's own Web site, so that applications made with the development tools do not put their users' information in harm's way.

    The statement also says that Apple has removed applications from the App Store that were built using this counterfeit version of Xcode, and removal will likely be the outcome for every application Apple finds that was built with it. Apple notes that the Mac App Store makes a specific check to ensure that the version of Xcode a developer downloads is legitimate and not counterfeit, and also notes that enabling Gatekeeper on the Mac is a great way for developers to protect themselves from building applications with the XcodeGhost malware.

    Apple also shares a handy tip for developers so they can know whether they're running a legitimate or counterfeit version of Xcode on their machines:

    Quote Originally Posted by Apple
    We recently removed apps from the App Store that were built with a counterfeit version of Xcode which had the potential to cause harm to customers. You should always download Xcode directly from the Mac App Store, or from the Apple Developer website, and leave Gatekeeper enabled on all your systems to protect against tampered software.

    When you download Xcode from the Mac App Store, OS X automatically checks the code signature for Xcode and validates that it is code signed by Apple. When you download Xcode from the Apple Developer website, the code signature is also automatically checked and validated by default as long as you have not disabled Gatekeeper.

    Whether you downloaded Xcode from Apple or received Xcode from another source, such as a USB or Thunderbolt disk, or over a local network, you can easily verify the integrity of your copy of Xcode.

    To verify the identity of your copy of Xcode run the following command in Terminal on a system with Gatekeeper enabled:
    spctl --assess --verbose /Applications/Xcode.app

    where /Applications/ is the directory where Xcode is installed. This tool performs the same checks that Gatekeeper uses to validate the code signatures of applications. The tool can take up to several minutes to complete the assessment for Xcode.

    The tool should return the following result for a version of Xcode downloaded from the Mac App Store:
    /Applications/Xcode.app: accepted
    source=Mac App Store

    and for a version downloaded from the Apple Developer web site, the result should read either
    /Applications/Xcode.app: accepted
    source=Apple

    or

    /Applications/Xcode.app: accepted
    source=Apple System

    Any result other than ‘accepted’ or any source other than ‘Mac App Store’, ‘Apple System’ or ‘Apple’ indicates that the application signature is not valid for Xcode. You should download a clean copy of Xcode and recompile your apps before submitting them for review.
    Source: Apple
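
The pass/fail rule at the end of Apple's statement can be scripted for a build machine. The following is an added example, not part of Apple's statement or the original article: `check_xcode_assessment` is a hypothetical helper name, and the sample outputs are constructed rather than captured. It matches the result and the source exactly instead of searching for substrings.

```shell
#!/bin/sh
# Added example, not Apple's code. On a Mac, capture the tool's output with:
#   out=$(spctl --assess --verbose /Applications/Xcode.app 2>&1)

# check_xcode_assessment APP_PATH OUTPUT   (hypothetical helper name)
# Returns 0 only when OUTPUT contains "APP_PATH: accepted" and a source that
# exactly equals one of the three values in Apple's statement.
check_xcode_assessment() {
    app=$1
    verdict=
    source_name=
    while IFS= read -r line; do
        # Strip CRs and surrounding whitespace before exact comparison.
        line=$(printf '%s' "$line" | tr -d '\r' |
               sed 's/^[[:space:]]*//; s/[[:space:]]*$//')
        case $line in
            "$app: "*) verdict=${line#"$app: "} ;;
            source=*)  source_name=${line#source=} ;;
        esac
    done <<EOF
$2
EOF
    if [ "$verdict" != "accepted" ]; then
        echo "FAIL: result is '${verdict:-missing}', expected 'accepted'"
        return 1
    fi
    case $source_name in
        "Mac App Store"|"Apple"|"Apple System")
            echo "OK: accepted, source=$source_name"
            return 0 ;;
        *)
            echo "FAIL: accepted, but source is '${source_name:-missing}'"
            return 1 ;;
    esac
}

# Constructed sample outputs (not captured from a real machine).
APP=/Applications/Xcode.app
GOOD="$APP: accepted
source=Mac App Store"
BAD_SOURCE="$APP: accepted
source=Developer ID"

check_xcode_assessment "$APP" "$GOOD"
check_xcode_assessment "$APP" "$BAD_SOURCE" || echo "do not build with this copy"
```

The second sample shows why the source line matters: a copy can be "accepted" and still fail the rule because its source is not one of the three listed values.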
    This article was originally published in forum thread: Following XcodeGhost Malware Scare, Apple Tells Developers to Use Legitimate Xcode Only started by Anthony Bouchard
    2 Comments
    1. kickerman65 -
      So how is the average user supposed to know if they have installed any of these infected apps? Some people install tons of apps. How are they ever supposed to know?
    1. Anthony Bouchard -
      Quote Originally Posted by kickerman65
      So how is the average user supposed to know if they have installed any of these infected apps? Some people install tons of apps. How are they ever supposed to know?
      I believe we posted a list of apps that are infected that you can check yourself against. I honestly have no idea how Apple plans to warn everyone else.