Apple Outlines Steps for Developers to Validate Xcode Following Malware Attack

by

Following last week's disclosure of new iOS malware called XcodeGhost, which arose from malicious versions of Xcode hosted on third-party servers, Apple has outlined instructions for developers to ensure the version of Xcode they are using is valid.

XcodeGhost-Featured
When downloading Xcode from the Mac App Store, or Apple's website so long as Gatekeeper is enabled, OS X automatically checks the app's code signature and validates it against Apple's code. If you must obtain Xcode elsewhere, follow these steps:

To verify the identity of your copy of Xcode run the following command in Terminal on a system with Gatekeeper enabled:
spctl --assess --verbose /Applications/Xcode.app

where /Applications/ is the directory where Xcode is installed. This tool performs the same checks that Gatekeeper uses to validate the code signatures of applications. The tool can take up to several minutes to complete the assessment for Xcode.

The tool should return the following result for a version of Xcode downloaded from the Mac App Store:
/Applications/Xcode.app: accepted
source=Mac App Store

and for a version downloaded from the Apple Developer web site, the result should read either
/Applications/Xcode.app: accepted
source=Apple

or

/Applications/Xcode.app: accepted
source=Apple System

Any result other than ‘accepted’ or any source other than ‘Mac App Store’, ‘Apple System’ or ‘Apple’ indicates that the application signature is not valid for Xcode. You should download a clean copy of Xcode and recompile your apps before submitting them for review.

Apple issued a statement in response to XcodeGhost over the weekend, noting that it has removed all infected apps it is aware of from the App Store and is working with developers to ensure they are using a legitimate version of Xcode.

"We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps."

XcodeGhost affected dozens, and possibly hundreds, of App Store apps. iPhone, iPad and iPod touch users should read what you need to know about XcodeGhost to learn more about the malware and how to keep yourself protected.

Tags: Xcode, XcodeGhost

Popular Stories

carplay next gen hero

RIP, CarPlay 2?

Sunday December 29, 2024 7:32 am PST by
Apple's website continues to state that the first vehicle models with next-generation CarPlay will "arrive in 2024." With less than three days remaining in the year, however, that timeframe is looking more and more unlikely. It would not be entirely Apple's fault if the stated 2024 target is missed, given that it is ultimately up to automakers to roll out the software in vehicles, but it is...
Read Full Article
Apple Intelligence General Feature 2

Five Apple Intelligence Features Coming in 2025

Friday December 27, 2024 2:43 pm PST by
Even though iOS 18.1 and iOS 18.2 added multiple Apple Intelligence features like Image Playground, Genmoji, Writing Tools, and more, there are still new Apple Intelligence capabilities that we're waiting on. Apple has at least one more major Apple Intelligence update coming in 2025, and the functionality that we're expecting is outlined below. Priority Notifications Notification summaries...
Read Full Article112 comments
apple tv plus teaser

Apple Teases Apple TV+ Surprise on January 4 and 5

Thursday December 26, 2024 10:35 am PST by
Apple this week began teasing some kind of upcoming Apple TV+ surprise that's set to happen on January 4 and January 5, telling customers to "stay tuned" and "save the date" in social media posts. Apple's images have a tagline that says "See for yourself," but it isn't clear what Apple has planned. Some users on Reddit have speculated that Apple might be planning to launch a promotion that...
Read Full Article58 comments
New Things Your iPhone Can Do in iOS 18

22 New Things Your iPhone Can Do in iOS 18.2

Monday December 23, 2024 6:30 am PST by
Apple released iOS 18.2 in the second week of December, bringing the second round of Apple Intelligence features to iPhone 15 Pro and iPhone 16 models. This update brings several major advancements to Apple's AI integration, including completely new image generation tools and a range of Visual Intelligence-based enhancements. Apple has added a handful of new non-AI related feature controls as...
Read Full Article28 comments
Sudoku Apple News iOS 18

iOS 18.2 Added a New Game to Your iPhone

Saturday December 28, 2024 12:03 pm PST by
Starting with iOS 18.2, released earlier this month, Apple News+ subscribers in the U.S. have access to daily sudoku puzzles in the Apple News app. There are easy, moderate, and challenging difficulty levels for the daily puzzles. A scoreboard tracks your sudoku stats, including your total number of puzzles solved, fastest completion times per difficulty level, and more. Sudoku is the...
Read Full Article
AirTag and Lavender iPhone

AirTag 2 Launching Next Year With These New Features

Tuesday December 24, 2024 8:35 am PST by
Apple is expected to release an AirTag 2 next year, and a few new features and changes have already been rumored for the item tracker. Below, we recap what to expect from the AirTag 2: The new AirTag is expected to be equipped with Apple's second-generation Ultra Wideband chip for longer range. The chip debuted last year in the iPhone 15 and the Apple Watch Ultra 2, and Apple said it...
Read Full Article28 comments
Generic iOS 19 Feature Mock Light

iOS 19 Rumored to Be Compatible With These iPhones

Sunday December 22, 2024 8:09 am PST by
iOS 19 will not drop support for any iPhone models, according to French website iPhoneSoft.fr. The report cites a source within Apple. The report said that iOS 19 will be compatible with any iPhone that is capable of running iOS 18, which would mean the following models: iPhone 16 iPhone 16 Plus iPhone 16 Pro iPhone 16 Pro Max iPhone 15 iPhone 15 Plus iPhone 15 Pro ...
Read Full Article132 comments
airpods pro 2 gradient

AirPods Pro 3 Expected Next Year: Here's What We Know

Monday December 23, 2024 4:18 am PST by
Despite being released over two years ago, Apple's AirPods Pro 2 continue to dominate the wireless earbud market. However, with the AirPods Pro 3 expected to launch sometime in 2025, anyone thinking of buying Apple's premium earbuds may be wondering if the next generation is worth holding out for. Apart from their audio and noise-canceling performance, which are generally regarded as...
Read Full Article64 comments

Top Rated Comments

macduke Avatar
macduke
121 months ago
Apple should block any developers who used counterfeit versions from being able to submit to the App Store. This level of stupidity shouldn't be allowed on their platform.
Score: 22 Votes (Like | Disagree)
nagromme Avatar
nagromme
121 months ago
Band-Aid achieved. But it shouldn't be possible to do this in the first place--it's a security hole and one that could have been expected. Maybe have iTunes Connect only accept submissions from an unmodified Xcode? I'm not sure this is at all simple to implement, but I'm sure it's important to do so

Developers are to blame too--especially multi-person companies should know better. But the platform should still be protected from developers making mistakes--or being attacked in other as-yet-unknown ways that might make it possible to secretly modify their Xcode. After all, it's possible to choose to bypass the Mac's security features (like Gatekeeper), and some people have reasons to do so. Further checks from Apple's remote end are called for, I think.
Score: 6 Votes (Like | Disagree)
Icy1007 Avatar
Icy1007
121 months ago
Considering I am not an idiot and I downloaded Xcode from Apple's dev portal, I think my copy is clean.
Score: 5 Votes (Like | Disagree)
Jsameds Avatar
Jsameds
121 months ago
"Following last week's disclosure of new iOS malware called XcodeGhost ('https://www.macrumors.com/2015/09/20/xcodeghost-chinese-malware-faq/'), which arose from malicious versions of Xcode hosted on third-party servers, Apple has outlined instructions ('https://developer.apple.com/news/?id=09222015a') for developers to ensure the version of Xcode they are using is valid."


Step 1: Download Xcode from Apple.com


Congratulations, you now have a genuine version of Xcode ;)
Score: 5 Votes (Like | Disagree)
jasnw Avatar
jasnw
121 months ago
On a tangent, but a strongly related one, what's to keep whomever put the malicious Xcode out on Baidu in the first place from having a house stable of devs building malicious apps using their own Xcode? From what I've read, Apple was unable to catch these apps from being borked in the first place. I've long had a healthy skepticism about accessing any critical (financial, medical, etc) websites from a mobile device, now I'm positively paranoid about it.
Score: 5 Votes (Like | Disagree)
TMRJIJ Avatar
TMRJIJ
121 months ago
When you find that an app on that list ('https://forums.macrumors.com/threads/what-you-need-to-know-about-ios-malware-xcodeghost.1918784/#post-21896151') is in your Home Screen



Attachment Image
Score: 4 Votes (Like | Disagree)
Read All Comments