Apple is taking steps to avoid a repeat of this week’s serious XcodeGhost incident — in which hundreds of App Store apps were discovered to include malware in the form of a counterfeit version of Xcode, the platform used by developers to build their apps. The dodgy Xcode spread in China because it was quicker […]
Apple has added an XcodeGhost question and answer page to its Chinese website today that explains what the malware is, how some users may be affected and next steps the company is taking to ensure that developers and end users alike are protected against malicious software going forward.
Apple claims that it has no evidence to suggest that XcodeGhost has been used for anything malicious, such as the transmission of personally identifiable information, stipulating that the code is only able to deliver some general information about apps and system information.
Nevertheless, Apple says it is working closely with developers and will soon list the top 25 most popular apps impacted by XcodeGhost on its Chinese website. The company will also be alerting users to let them know if they have downloaded apps that could have been compromised. Many affected apps have since been updated and are no longer infected by XcodeGhost.
Customers will be receiving more information letting them know if they’ve downloaded an app / apps that could have been compromised. Once a developer updates their app, that will fix the issue on the user’s device once they apply that update.
As a precautionary measure, it is still recommended that users who installed any of the compromised apps identified to date reset their iCloud and account passwords used on their iOS devices. iPhone, iPad and iPod touch users should read our XcodeGhost FAQ to learn more about the malware and how to keep yourself protected.
Apple also outlined steps for developers to validate Xcode using Terminal on OS X.
Developers who have downloaded Xcode from an non-Apple source now have a way to tell if the version their using is an official Apple version, or if it might be infected by XcodeGhost, which wreaked havoc on the App Store on Sunday. Apple has outlined how to verify if you’re using a counterfeit version of […]
Following last week’s disclosure of new iOS malware called XcodeGhost, which arose from malicious versions of Xcode hosted on third-party servers, Apple has outlined instructions for developers to ensure the version of Xcode they are using is valid.
When downloading Xcode from the Mac App Store, or Apple’s website so long as Gatekeeper is enabled, OS X automatically checks the app’s code signature and validates it against Apple’s code. If you must obtain Xcode elsewhere, follow these steps:
To verify the identity of your copy of Xcode run the following command in Terminal on a system with Gatekeeper enabled:
spctl –assess –verbose /Applications/Xcode.app
where /Applications/ is the directory where Xcode is installed. This tool performs the same checks that Gatekeeper uses to validate the code signatures of applications. The tool can take up to several minutes to complete the assessment for Xcode.
The tool should return the following result for a version of Xcode downloaded from the Mac App Store:
source=Mac App Store
and for a version downloaded from the Apple Developer web site, the result should read either
Any result other than ‘accepted’ or any source other than ‘Mac App Store’, ‘Apple System’ or ‘Apple’ indicates that the application signature is not valid for Xcode. You should download a clean copy of Xcode and recompile your apps before submitting them for review.
Apple issued a statement in response to XcodeGhost over the weekend, noting that it has removed all infected apps it is aware of from the App Store and is working with developers to ensure they are using a legitimate version of Xcode.
„We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps.“
XcodeGhost affected dozens, and possibly hundreds, of App Store apps. iPhone, iPad and iPod touch users should read what you need to know about XcodeGhost to learn more about the malware and how to keep yourself protected.
Apple is removing hundreds of apps from the App Store after discovering that they contain a malicious program called XcodeGhost. In the entire lifespan of the App Store, Apple has only previously found five malicious apps — making this easily the single biggest security lapse in App Store history. Apple has declined to say exactly […]