Apple Outlines Steps for Developers to Validate Xcode Following Malware Attack

by

Following last week's disclosure of new iOS malware called XcodeGhost, which arose from malicious versions of Xcode hosted on third-party servers, Apple has outlined instructions for developers to ensure the version of Xcode they are using is valid.

XcodeGhost-Featured
When downloading Xcode from the Mac App Store, or Apple's website so long as Gatekeeper is enabled, OS X automatically checks the app's code signature and validates it against Apple's code. If you must obtain Xcode elsewhere, follow these steps:

To verify the identity of your copy of Xcode run the following command in Terminal on a system with Gatekeeper enabled:
spctl --assess --verbose /Applications/Xcode.app

where /Applications/ is the directory where Xcode is installed. This tool performs the same checks that Gatekeeper uses to validate the code signatures of applications. The tool can take up to several minutes to complete the assessment for Xcode.

The tool should return the following result for a version of Xcode downloaded from the Mac App Store:
/Applications/Xcode.app: accepted
source=Mac App Store

and for a version downloaded from the Apple Developer web site, the result should read either
/Applications/Xcode.app: accepted
source=Apple

or

/Applications/Xcode.app: accepted
source=Apple System

Any result other than ‘accepted’ or any source other than ‘Mac App Store’, ‘Apple System’ or ‘Apple’ indicates that the application signature is not valid for Xcode. You should download a clean copy of Xcode and recompile your apps before submitting them for review.

Apple issued a statement in response to XcodeGhost over the weekend, noting that it has removed all infected apps it is aware of from the App Store and is working with developers to ensure they are using a legitimate version of Xcode.

"We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps."

XcodeGhost affected dozens, and possibly hundreds, of App Store apps. iPhone, iPad and iPod touch users should read what you need to know about XcodeGhost to learn more about the malware and how to keep yourself protected.

Tags: Xcode, XcodeGhost

Popular Stories

iPhone Top Left Hole Punch Face ID Feature Purple

iPhone 18 Pro Launching Later This Year With These 12 New Features

Thursday January 15, 2026 10:56 am PST by
While the iPhone 18 Pro and iPhone 18 Pro Max are not expected to launch for another eight months, there are already plenty of rumors about the devices. Below, we have recapped 12 features rumored for the iPhone 18 Pro models, as of January 2026: The same overall design is expected, with 6.3-inch and 6.9-inch display sizes, and a "plateau" housing three rear cameras Under-screen Face ID...
Read Full Article70 comments
iPhone Top Left Hole Punch Face ID Feature Purple

New Leak Reveals iPhone 18 Pro Display Sizes, Under-Screen Face ID, and More

Wednesday January 14, 2026 7:09 am PST by
While the iPhone 18 Pro models are still around eight months away, a leaker has shared some alleged details about the devices. In a post on Chinese social media platform Weibo this week, the account Digital Chat Station said the iPhone 18 Pro and iPhone 18 Pro Max will have the same 6.3-inch and 6.9-inch display sizes as the iPhone 17 Pro and iPhone 17 Pro Max. Consistent with previous...
Read Full Article64 comments
Verizon New

Verizon is Down: iPhones Show 'SOS' Mode Due to Network Outage [Resolved]

Wednesday January 14, 2026 10:18 am PST by
Verizon is experiencing a major outage across the U.S. today, with hundreds of thousands of customers reporting issues with the network on the website Downdetector. There are also complaints across Reddit and other social media platforms. iPhone users and others with Verizon service are generally unable to make phone calls, send text messages, or use data over 5G or LTE due to the outage....
Read Full Article143 comments
2024 iPhone Boxes Feature

Apple Adjusts Trade-In Values for iPhones, Macs, and More

Thursday January 15, 2026 11:19 am PST by
Apple today updated its trade-in values for select iPhone, iPad, Mac, and Apple Watch models. Trade-ins can be completed on Apple's website, or at an Apple Store. The charts below provide an overview of Apple's current and previous trade-in values in the United States, according to the company's website. Most of the values declined slightly, but some of the Mac values increased. iPhone ...
Read Full Article54 comments
maxresdefault

Google Gemini-Powered Siri Will Reportedly Have These 7 New Features

Tuesday January 13, 2026 7:52 pm PST by
Apple and Google this week announced that Gemini will help power a more personalized Siri, and The Information has provided more details. Subscribe to the MacRumors YouTube channel for more videos. As soon as this spring, the report said the revamped version of Siri will be able to… Answer more factual/world knowledge questions in a conversational manner Tell more stories Provide...
Read Full Article228 comments

Top Rated Comments

macduke Avatar
macduke
135 months ago
Apple should block any developers who used counterfeit versions from being able to submit to the App Store. This level of stupidity shouldn't be allowed on their platform.
Score: 22 Votes (Like | Disagree)
nagromme Avatar
nagromme
135 months ago
Band-Aid achieved. But it shouldn't be possible to do this in the first place--it's a security hole and one that could have been expected. Maybe have iTunes Connect only accept submissions from an unmodified Xcode? I'm not sure this is at all simple to implement, but I'm sure it's important to do so

Developers are to blame too--especially multi-person companies should know better. But the platform should still be protected from developers making mistakes--or being attacked in other as-yet-unknown ways that might make it possible to secretly modify their Xcode. After all, it's possible to choose to bypass the Mac's security features (like Gatekeeper), and some people have reasons to do so. Further checks from Apple's remote end are called for, I think.
Score: 6 Votes (Like | Disagree)
Icy1007 Avatar
Icy1007
135 months ago
Considering I am not an idiot and I downloaded Xcode from Apple's dev portal, I think my copy is clean.
Score: 5 Votes (Like | Disagree)
Jsameds Avatar
Jsameds
135 months ago
"Following last week's disclosure of new iOS malware called XcodeGhost ('https://www.macrumors.com/2015/09/20/xcodeghost-chinese-malware-faq/'), which arose from malicious versions of Xcode hosted on third-party servers, Apple has outlined instructions ('https://developer.apple.com/news/?id=09222015a') for developers to ensure the version of Xcode they are using is valid."


Step 1: Download Xcode from Apple.com


Congratulations, you now have a genuine version of Xcode ;)
Score: 5 Votes (Like | Disagree)
jasnw Avatar
jasnw
135 months ago
On a tangent, but a strongly related one, what's to keep whomever put the malicious Xcode out on Baidu in the first place from having a house stable of devs building malicious apps using their own Xcode? From what I've read, Apple was unable to catch these apps from being borked in the first place. I've long had a healthy skepticism about accessing any critical (financial, medical, etc) websites from a mobile device, now I'm positively paranoid about it.
Score: 5 Votes (Like | Disagree)
TMRJIJ Avatar
TMRJIJ
135 months ago
When you find that an app on that list ('https://forums.macrumors.com/threads/what-you-need-to-know-about-ios-malware-xcodeghost.1918784/#post-21896151') is in your Home Screen



Attachment Image
Score: 4 Votes (Like | Disagree)
Read All Comments