Apple to Developers: How to check if your version of Xcode is affected by ‘XcodeGhost’

BY Gautam Prabhu

Published 22 Sep 2015


As you probably know by now, several apps were infected with the XcodeGhost malware because developers based in China used a malicious version of Xcode, Apple’s official tool for developing iOS and OS X apps. With more than 500 million users affected, XcodeGhost is the biggest security breach to hit iOS.

Apple has now sent out emails to developers to explain how they should validate their version of Xcode to prevent such incidents in the future.

We recently removed apps from the App Store that were built with a counterfeit version of Xcode which had the potential to cause harm to customers. You should always download Xcode directly from the Mac App Store, or from the Apple Developer website, and leave Gatekeeper enabled on all your systems to protect against tampered software.

Gatekeeper automatically checks the code signature for Xcode and validates that it is code signed by Apple. However, if developers have downloaded Xcode from another source then they should follow these steps to verify the integrity of their version of Xcode:

To verify the identity of your copy of Xcode run the following command in Terminal on a system with Gatekeeper enabled:
spctl --assess --verbose /Applications/Xcode.app

where /Applications/ is the directory where Xcode is installed. This tool performs the same checks that Gatekeeper uses to validate the code signatures of applications. The tool can take up to several minutes to complete the assessment for Xcode.

The tool should return the following result for a version of Xcode downloaded from the Mac App Store:
/Applications/Xcode.app: accepted
source=Mac App Store

and for a version downloaded from the Apple Developer web site, the result should read either
/Applications/Xcode.app: accepted
source=Apple

or

/Applications/Xcode.app: accepted
source=Apple System

Any result other than ‘accepted’ or any source other than ‘Mac App Store’, ‘Apple System’ or ‘Apple’ indicates that the application signature is not valid for Xcode. You should download a clean copy of Xcode and recompile your apps before submitting them for review.
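The check above is easy to script for a fleet of build machines. The POSIX shell snippet below is an added example, not part of Apple’s email: `check_assessment` reads an spctl report from standard input and succeeds only when the verdict is `accepted` and the source is one of the three values Apple lists, and `verify_xcode` wraps the actual `spctl --assess --verbose` call (it assumes macOS with Gatekeeper enabled and that spctl writes its verbose report to stderr, so both streams are captured). The sample reports used to exercise the parser are constructed, not captured from a real machine.

```shell
#!/bin/sh
# Added example, not Apple's code: validate an spctl assessment of Xcode.app
# against the outcomes Apple describes for a genuine copy.

# check_assessment: read "spctl --assess --verbose" output from stdin.
# Returns 0 only for a verdict of "accepted" with source "Mac App Store",
# "Apple" or "Apple System"; any other verdict, source or missing line returns 1.
check_assessment() {
    verdict=""
    src=""
    # "|| [ -n "$line" ]" also handles a final line without a trailing newline.
    while IFS= read -r line || [ -n "$line" ]; do
        case "$line" in
            *": accepted") verdict="accepted" ;;          # e.g. "/Applications/Xcode.app: accepted"
            source=*)      src="${line#source=}" ;;       # e.g. "source=Apple System"
        esac
    done
    [ "$verdict" = "accepted" ] || return 1
    case "$src" in
        "Mac App Store"|"Apple"|"Apple System") return 0 ;;
        *) return 1 ;;
    esac
}

# verify_xcode: run the same command Apple gives and feed the report to the
# parser. Assumes macOS with Gatekeeper enabled; spctl prints its verbose
# report on stderr, so both streams are merged before parsing.
verify_xcode() {
    app="${1:-/Applications/Xcode.app}"
    spctl --assess --verbose "$app" 2>&1 | check_assessment
}

# Constructed sample reports (not real spctl output) showing how the parser
# reacts to a clean copy and to a copy that must not be trusted.
demo() {
    printf '/Applications/Xcode.app: accepted\nsource=Mac App Store\n' | check_assessment \
        && echo "sample 1: genuine Xcode, build may proceed"
    printf '/Applications/Xcode.app: accepted\nsource=Developer ID\n' | check_assessment \
        || echo "sample 2: unexpected source, download a clean copy and rebuild"
}
```

On a real build host, `verify_xcode /Applications/Xcode.app && xcodebuild ...` gates the build on the assessment; because the exit status is all that matters, the same function drops straight into a CI job.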

It was surprising that the iOS apps infected with the malware got past Apple’s stringent App Review process. So it remains to be seen what steps Apple will take to verify the apps that are submitted to the App Store do not contain the malware.

You can use Pangu team’s tool to find out if apps installed on your iOS device are infected with XcodeGhost malware.

[via Apple]