Apple Outlines Steps for Developers to Validate Xcode Following Malware Attack

by

Following last week's disclosure of new iOS malware called XcodeGhost, which arose from malicious versions of Xcode hosted on third-party servers, Apple has outlined instructions for developers to ensure the version of Xcode they are using is valid.

XcodeGhost-Featured
When downloading Xcode from the Mac App Store, or Apple's website so long as Gatekeeper is enabled, OS X automatically checks the app's code signature and validates it against Apple's code. If you must obtain Xcode elsewhere, follow these steps:

To verify the identity of your copy of Xcode run the following command in Terminal on a system with Gatekeeper enabled:
spctl --assess --verbose /Applications/Xcode.app

where /Applications/ is the directory where Xcode is installed. This tool performs the same checks that Gatekeeper uses to validate the code signatures of applications. The tool can take up to several minutes to complete the assessment for Xcode.

The tool should return the following result for a version of Xcode downloaded from the Mac App Store:
/Applications/Xcode.app: accepted
source=Mac App Store

and for a version downloaded from the Apple Developer web site, the result should read either
/Applications/Xcode.app: accepted
source=Apple

or

/Applications/Xcode.app: accepted
source=Apple System

Any result other than ‘accepted’ or any source other than ‘Mac App Store’, ‘Apple System’ or ‘Apple’ indicates that the application signature is not valid for Xcode. You should download a clean copy of Xcode and recompile your apps before submitting them for review.

Apple issued a statement in response to XcodeGhost over the weekend, noting that it has removed all infected apps it is aware of from the App Store and is working with developers to ensure they are using a legitimate version of Xcode.

"We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps."

XcodeGhost affected dozens, and possibly hundreds, of App Store apps. iPhone, iPad and iPod touch users should read what you need to know about XcodeGhost to learn more about the malware and how to keep yourself protected.

Tags: Xcode, XcodeGhost

Popular Stories

iPhone 17 Pro Dark Blue and Orange

iPhone 17 Pro to Start at $1,049 With Doubled Base Storage

Wednesday August 13, 2025 1:45 am PDT by
Apple's upcoming iPhone 17 Pro will have a starting price that is $50 more than the iPhone 16 Pro but it will come with a minimum 256GB of storage, doubling the base capacity compared to last year's model. The information comes from Chinese leaker Instant Digital, posting on Weibo. The account, which has 1.5 million followers, has now made the claim three separate times in recent weeks....
Read Full Article125 comments
Golden Apple Logo

Every Apple Secret That Leaked Yesterday

Thursday August 14, 2025 4:13 am PDT by
Apple made a major slip Wednesday when it accidentally included hardware identifiers in software code linking to numerous unannounced products. The leaked information provided MacRumors with concrete evidence of Apple's hardware development across multiple product categories. Here's everything that was confirmed through the code discoveries: New HomePod mini with updated chip – New...
Read Full Article50 comments
ios 26 liquid glass lock screen beta 6

Apple Changes Liquid Glass Again in iOS 26 Beta 6

Monday August 11, 2025 12:09 pm PDT by
Apple is continuing to tweak the way that the Liquid Glass design looks ahead of the iOS 26 launch, and the latest beta makes a change to the Lock Screen. The Lock Screen clock has been updated with additional transparency, allowing more of the background to peek through. Beta 6 on left, beta 5 on right The clock also has more of a 3D, floating look, which is in line with the rest of the ...
Read Full Article188 comments
iPhone 17 Pro Feature Dual

When Will Apple Announce the iPhone 17 Event?

Tuesday August 12, 2025 12:46 pm PDT by
It is now mid-August, meaning that Apple's annual iPhone event is just around the corner. This year, Apple is expected to unveil the iPhone 17, the all-new iPhone 17 Air, the iPhone 17 Pro, and the iPhone 17 Pro Max. Here are some of the key rumors for those devices:iPhone 17: Same design as iPhone 16, but with an A19 chip, a larger 6.3-inch display, an upgraded 24-megapixel front camera, ...
Read Full Article38 comments
maxresdefault

Top 5 Features Coming to the Apple Watch Ultra 3

Tuesday August 12, 2025 11:48 am PDT by
We're just about a month away from Apple's annual September event, and we're going to get a new version of the Apple Watch Ultra for the first time since 2023. There are some useful new features rumored for the Apple Watch Ultra 3, which we've summarized below. Subscribe to the MacRumors YouTube channel for more videos. Satellite Connectivity - The Apple Watch Ultra 3 will be the first...
Read Full Article66 comments
iPhone 17 Pro 3 4ths Perspective Aluminum Camera Module 1

Alleged iPhone 17 Pro Chassis Offers First Look at All-Aluminum Body

Thursday August 14, 2025 3:40 am PDT by
An alleged iPhone 17 Pro production leak may provide a first look at the device's milled all-aluminum chassis, which this year includes the camera bump – in contrast to last year's iPhone 16 Pro model that features a glass camera module attached to an all-glass back panel. Originally shared by leaker Majin Bu, the image below could be of a moulding, but it still lines up with rumors that...
Read Full Article79 comments
Apple TV 2025 Thumb 2

New Apple TV Coming Later This Year With A17 Pro Chip

Wednesday August 13, 2025 5:29 pm PDT by
Rumors suggest that Apple is working on an updated version of the Apple TV that's slated for launch later this year. Information about the upcoming device that was found in Apple code indicates that it will be equipped with the A17 Pro chip. There have been multiple rumors about a new Apple TV coming in 2025 with a new A-series processor, but it hasn't been clear which chip Apple would use...
Read Full Article117 comments
Generic iOS 18

Apple Says iOS 18.6.1 is Coming Today

Thursday August 14, 2025 7:29 am PDT by
In case you missed it — this is the post for people who mainly only read headlines — Apple has announced that it will be releasing iOS 18.6.1 and watchOS 11.6.1 later today. Apple shared this information in a press release on its Newsroom website. The software updates will re-enable the Blood Oxygen feature on Apple Watch Series 9, Series 10, and Ultra 2 models sold in the United States....
Read Full Article58 comments

Top Rated Comments

macduke Avatar
macduke
129 months ago
Apple should block any developers who used counterfeit versions from being able to submit to the App Store. This level of stupidity shouldn't be allowed on their platform.
Score: 22 Votes (Like | Disagree)
nagromme Avatar
nagromme
129 months ago
Band-Aid achieved. But it shouldn't be possible to do this in the first place--it's a security hole and one that could have been expected. Maybe have iTunes Connect only accept submissions from an unmodified Xcode? I'm not sure this is at all simple to implement, but I'm sure it's important to do so

Developers are to blame too--especially multi-person companies should know better. But the platform should still be protected from developers making mistakes--or being attacked in other as-yet-unknown ways that might make it possible to secretly modify their Xcode. After all, it's possible to choose to bypass the Mac's security features (like Gatekeeper), and some people have reasons to do so. Further checks from Apple's remote end are called for, I think.
Score: 6 Votes (Like | Disagree)
Icy1007 Avatar
Icy1007
129 months ago
Considering I am not an idiot and I downloaded Xcode from Apple's dev portal, I think my copy is clean.
Score: 5 Votes (Like | Disagree)
Jsameds Avatar
Jsameds
129 months ago
"Following last week's disclosure of new iOS malware called XcodeGhost ('https://www.macrumors.com/2015/09/20/xcodeghost-chinese-malware-faq/'), which arose from malicious versions of Xcode hosted on third-party servers, Apple has outlined instructions ('https://developer.apple.com/news/?id=09222015a') for developers to ensure the version of Xcode they are using is valid."


Step 1: Download Xcode from Apple.com


Congratulations, you now have a genuine version of Xcode ;)
Score: 5 Votes (Like | Disagree)
jasnw Avatar
jasnw
129 months ago
On a tangent, but a strongly related one, what's to keep whomever put the malicious Xcode out on Baidu in the first place from having a house stable of devs building malicious apps using their own Xcode? From what I've read, Apple was unable to catch these apps from being borked in the first place. I've long had a healthy skepticism about accessing any critical (financial, medical, etc) websites from a mobile device, now I'm positively paranoid about it.
Score: 5 Votes (Like | Disagree)
TMRJIJ Avatar
TMRJIJ
129 months ago
When you find that an app on that list ('https://forums.macrumors.com/threads/what-you-need-to-know-about-ios-malware-xcodeghost.1918784/#post-21896151') is in your Home Screen



Attachment Image
Score: 4 Votes (Like | Disagree)
Read All Comments