As you probably know by now, several apps were infected with the XcodeGhost malware because developers based in China used a malicious version of Xcode, Apple’s official tool for developing iOS and OS X apps. With more than 500 million users affected, XcodeGhost is the biggest security breach to hit iOS.
Apple has now sent out emails to developers to explain how they should validate their version of Xcode to prevent such incidents in the future.
We recently removed apps from the App Store that were built with a counterfeit version of Xcode which had the potential to cause harm to customers. You should always download Xcode directly from the Mac App Store, or from the Apple Developer website, and leave Gatekeeper enabled on all your systems to protect against tampered software.
Gatekeeper automatically checks the code signature for Xcode and validates that it is code signed by Apple. However, if developers have downloaded Xcode from another source then they should follow these steps to verify the integrity of their version of Xcode:
To verify the identity of your copy of Xcode run the following command in Terminal on a system with Gatekeeper enabled:
spctl –assess –verbose /Applications/Xcode.appwhere /Applications/ is the directory where Xcode is installed. This tool performs the same checks that Gatekeeper uses to validate the code signatures of applications. The tool can take up to several minutes to complete the assessment for Xcode.
The tool should return the following result for a version of Xcode downloaded from the Mac App Store:
/Applications/Xcode.app: accepted
source=Mac App Storeand for a version downloaded from the Apple Developer web site, the result should read either
/Applications/Xcode.app: accepted
source=Appleor
/Applications/Xcode.app: accepted
source=Apple SystemAny result other than ‘accepted’ or any source other than ‘Mac App Store’, ‘Apple System’ or ‘Apple’ indicates that the application signature is not valid for Xcode. You should download a clean copy of Xcode and recompile your apps before submitting them for review.
It was surprising that the iOS apps infected with the malware got past Apple’s stringent App Review process. So it remains to be seen what steps Apple will take to verify the apps that are submitted to the App Store do not contain the malware.
You can use Pangu team’s tool to find out if apps installed on your iOS device are infected with XcodeGhost malware.
[via Apple]