Apple Outlines Steps for Developers to Validate Xcode Following Malware Attack

by

Following last week's disclosure of new iOS malware called XcodeGhost, which arose from malicious versions of Xcode hosted on third-party servers, Apple has outlined instructions for developers to ensure the version of Xcode they are using is valid.

XcodeGhost-Featured
When downloading Xcode from the Mac App Store, or Apple's website so long as Gatekeeper is enabled, OS X automatically checks the app's code signature and validates it against Apple's code. If you must obtain Xcode elsewhere, follow these steps:

To verify the identity of your copy of Xcode run the following command in Terminal on a system with Gatekeeper enabled:
spctl --assess --verbose /Applications/Xcode.app

where /Applications/ is the directory where Xcode is installed. This tool performs the same checks that Gatekeeper uses to validate the code signatures of applications. The tool can take up to several minutes to complete the assessment for Xcode.

The tool should return the following result for a version of Xcode downloaded from the Mac App Store:
/Applications/Xcode.app: accepted
source=Mac App Store

and for a version downloaded from the Apple Developer web site, the result should read either
/Applications/Xcode.app: accepted
source=Apple

or

/Applications/Xcode.app: accepted
source=Apple System

Any result other than ‘accepted’ or any source other than ‘Mac App Store’, ‘Apple System’ or ‘Apple’ indicates that the application signature is not valid for Xcode. You should download a clean copy of Xcode and recompile your apps before submitting them for review.

Apple issued a statement in response to XcodeGhost over the weekend, noting that it has removed all infected apps it is aware of from the App Store and is working with developers to ensure they are using a legitimate version of Xcode.

"We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps."

XcodeGhost affected dozens, and possibly hundreds, of App Store apps. iPhone, iPad and iPod touch users should read what you need to know about XcodeGhost to learn more about the malware and how to keep yourself protected.

Tags: Xcode, XcodeGhost

Popular Stories

iPhone SE 4 Vertical Camera Feature

iPhone SE 4 Rumored to Use Same Rear Chassis as iPhone 16

Friday July 19, 2024 7:16 am PDT by
Apple will adopt the same rear chassis manufacturing process for the iPhone SE 4 that it is using for the upcoming standard iPhone 16, claims a new rumor coming out of China. According to the Weibo-based leaker "Fixed Focus Digital," the backplate manufacturing process for the iPhone SE 4 is "exactly the same" as the standard model in Apple's upcoming iPhone 16 lineup, which is expected to...
Read Full Article139 comments
iPhone 17 Plus Feature

iPhone 17 Lineup Specs Detail Display Upgrade and New High-End Model

Monday July 22, 2024 4:33 am PDT by
Key details about the overall specifications of the iPhone 17 lineup have been shared by the leaker known as "Ice Universe," clarifying several important aspects of next year's devices. Reports in recent months have converged in agreement that Apple will discontinue the "Plus" iPhone model in 2025 while introducing an all-new iPhone 17 "Slim" model as an even more high-end option sitting...
Read Full Article147 comments
iPhone 16 Pro Sizes Feature

iPhone 16 Series Is Just Two Months Away: Everything We Know

Monday July 15, 2024 4:44 am PDT by
Apple typically releases its new iPhone series around mid-September, which means we are about two months out from the launch of the iPhone 16. Like the iPhone 15 series, this year's lineup is expected to stick with four models – iPhone 16, iPhone 16 Plus, iPhone 16 Pro, and iPhone 16 Pro Max – although there are plenty of design differences and new features to take into account. To bring ...
Read Full Article129 comments
Apple TV Plus Feature 2 Magenta and Blue

Apple TV+ Curbs Costs After Expensive Projects Fail to Capture Viewers

Monday July 22, 2024 5:11 am PDT by
Apple is scaling back its Hollywood spending after investing over $20 billion in original programming with limited success, Bloomberg reports. This shift comes after the streaming service, which launched in 2019, struggled to capture a significant share of the market, accounting for only 0.2% of TV viewership in the U.S., compared to Netflix's 8%. Despite heavy investment, critical acclaim,...
Read Full Article318 comments
bsod

Microsoft Blames European Commission for Major Worldwide Outage

Monday July 22, 2024 11:55 am PDT by
Last Friday, a major CrowdStrike outage impacted PCs running Microsoft Windows, causing worldwide issues affecting airlines, retailers, banks, hospitals, rail networks, and more. Computers were stuck in continuous recovery loops, rendering them unusable. The failure was caused by an update to the CrowdStrike Falcon antivirus software that auto-installed on Windows 10 PCs, but Mac and Linux...
Read Full Article366 comments

Top Rated Comments

macduke Avatar
macduke
115 months ago
Apple should block any developers who used counterfeit versions from being able to submit to the App Store. This level of stupidity shouldn't be allowed on their platform.
Score: 22 Votes (Like | Disagree)
nagromme Avatar
nagromme
115 months ago
Band-Aid achieved. But it shouldn't be possible to do this in the first place--it's a security hole and one that could have been expected. Maybe have iTunes Connect only accept submissions from an unmodified Xcode? I'm not sure this is at all simple to implement, but I'm sure it's important to do so

Developers are to blame too--especially multi-person companies should know better. But the platform should still be protected from developers making mistakes--or being attacked in other as-yet-unknown ways that might make it possible to secretly modify their Xcode. After all, it's possible to choose to bypass the Mac's security features (like Gatekeeper), and some people have reasons to do so. Further checks from Apple's remote end are called for, I think.
Score: 6 Votes (Like | Disagree)
Icy1007 Avatar
Icy1007
115 months ago
Considering I am not an idiot and I downloaded Xcode from Apple's dev portal, I think my copy is clean.
Score: 5 Votes (Like | Disagree)
Jsameds Avatar
Jsameds
115 months ago
"Following last week's disclosure of new iOS malware called XcodeGhost ('https://www.macrumors.com/2015/09/20/xcodeghost-chinese-malware-faq/'), which arose from malicious versions of Xcode hosted on third-party servers, Apple has outlined instructions ('https://developer.apple.com/news/?id=09222015a') for developers to ensure the version of Xcode they are using is valid."


Step 1: Download Xcode from Apple.com


Congratulations, you now have a genuine version of Xcode ;)
Score: 5 Votes (Like | Disagree)
jasnw Avatar
jasnw
115 months ago
On a tangent, but a strongly related one, what's to keep whomever put the malicious Xcode out on Baidu in the first place from having a house stable of devs building malicious apps using their own Xcode? From what I've read, Apple was unable to catch these apps from being borked in the first place. I've long had a healthy skepticism about accessing any critical (financial, medical, etc) websites from a mobile device, now I'm positively paranoid about it.
Score: 5 Votes (Like | Disagree)
TMRJIJ Avatar
TMRJIJ
115 months ago
When you find that an app on that list ('https://forums.macrumors.com/threads/what-you-need-to-know-about-ios-malware-xcodeghost.1918784/#post-21896151') is in your Home Screen



Attachment Image
Score: 4 Votes (Like | Disagree)
Read All Comments