Apple Outlines Steps for Developers to Validate Xcode Following Malware Attack

Following last week's disclosure of new iOS malware called XcodeGhost, which arose from malicious versions of Xcode hosted on third-party servers, Apple has outlined instructions for developers to ensure the version of Xcode they are using is valid.

XcodeGhost-Featured
When downloading Xcode from the Mac App Store, or Apple's website so long as Gatekeeper is enabled, OS X automatically checks the app's code signature and validates it against Apple's code. If you must obtain Xcode elsewhere, follow these steps:

To verify the identity of your copy of Xcode run the following command in Terminal on a system with Gatekeeper enabled:
spctl --assess --verbose /Applications/Xcode.app

where /Applications/ is the directory where Xcode is installed. This tool performs the same checks that Gatekeeper uses to validate the code signatures of applications. The tool can take up to several minutes to complete the assessment for Xcode.

The tool should return the following result for a version of Xcode downloaded from the Mac App Store:
/Applications/Xcode.app: accepted
source=Mac App Store

and for a version downloaded from the Apple Developer web site, the result should read either
/Applications/Xcode.app: accepted
source=Apple

or

/Applications/Xcode.app: accepted
source=Apple System

Any result other than ‘accepted’ or any source other than ‘Mac App Store’, ‘Apple System’ or ‘Apple’ indicates that the application signature is not valid for Xcode. You should download a clean copy of Xcode and recompile your apps before submitting them for review.

Apple issued a statement in response to XcodeGhost over the weekend, noting that it has removed all infected apps it is aware of from the App Store and is working with developers to ensure they are using a legitimate version of Xcode.

"We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps."

XcodeGhost affected dozens, and possibly hundreds, of App Store apps. iPhone, iPad and iPod touch users should read what you need to know about XcodeGhost to learn more about the malware and how to keep yourself protected.

Popular Stories

iOS 18

iOS 18.4 Coming Next Week With These New Features for Your iPhone

Friday February 14, 2025 6:18 am PST by
The first iOS 18.4 beta for iPhones should be just around the corner, and the update is expected to include many new features and changes. Bloomberg's Mark Gurman expects the iOS 18.4 beta to be released by next week. Below, we outline what to expect from iOS 18.4 so far. Apple Intelligence for Siri Siri is expected to get several enhancements powered by Apple Intelligence on iOS...
apple launch feb 2025 alt

What to Expect From the 'Apple Launch' Next Week

Thursday February 13, 2025 11:48 am PST by
Apple has yet to announce any new devices this year, but that could change starting next week. Apple CEO Tim Cook today said to "get ready" for a "launch" on Wednesday, February 19. "Get ready to meet the newest member of the family," said Cook, in a social media post. The post includes an #AppleLaunch hashtag, along with a short video featuring an animated Apple logo inside of a circle....
apple launch feb 2025

Tim Cook Teases an 'Apple Launch' Next Wednesday

Thursday February 13, 2025 8:07 am PST by
In a social media post today, Apple CEO Tim Cook teased an upcoming "launch" of some kind scheduled for Wednesday, February 19. "Get ready to meet the newest member of the family," he said, with an #AppleLaunch hashtag. The post includes a short video with an animated Apple logo inside a circle. Cook did not provide an exact time for the launch, or share any other specific details, so...
iPhone 17 Pro Render Front Page Tech

iPhone 17 Pro With All-New Camera Bar Design Allegedly Revealed

Thursday February 13, 2025 5:49 pm PST by
Apple's next-generation iPhone 17 Pro will feature three rear cameras arranged in a familiar triangular layout, but the cameras will be housed in an all-new rectangular camera bar with rounded corners, according to YouTube channel Front Page Tech. iPhone 17 Pro camera design render created by Asher for Front Page Tech In a video uploaded today, Front Page Tech host Jon Prosser said the camera ...
iPhone SE 4 Thumb 1

'New' iPhone SE Product Listing Appears on French Website

Wednesday February 12, 2025 6:49 am PST by
As the wait continues for Apple's long-rumored, fourth-generation iPhone SE, French electronics retailer Boulanger has prematurely published a product listing for a "new" model of the iPhone SE. The placeholder page says the device is "coming soon," but it offers no further information, and the price shown is obviously not real. The listing was spotted by a reader of the French technology...
M4 Mac mini Apple Video

Apple's Refurbished Mac Mini Pricing Has a Problem

Thursday February 13, 2025 6:20 am PST by
Apple this week began selling refurbished Mac mini models with the M4 chip for the first time, but this has led to a pricing conundrum. In the United States, Apple is offering a refurbished Mac mini with the base M4 chip, 256GB of storage, 16GB of RAM, and Gigabit Ethernet for $509, down from $599 new. This is the standard 15% discount that Apple offers on refurbished Macs. The issue is...
iPhone 16 Apple Store

iPhone 17 in New Sizes This Year: What to Know

Thursday February 13, 2025 2:45 am PST by
Last year, Apple tweaked iPhone 16 Pro screen sizes to make them bigger than 2023's iPhone 15 Pro models, and this year we are also expecting a change in the size of the displays in the iPhone 17 lineup. Here's what we know. Standard iPhone 17 Apple could introduce a new display size for the standard iPhone 17 model in 2025. The iPhone 17 could measure in at 6.3 inches, up from 6.1 inches,...
iphone air concept weis

iPhone 17 Air Could Look Like This in Real Life

Friday February 14, 2025 3:41 am PST by
There have been several alleged leaked details of the iPhone 17 Air, Apple's rumored new slim iPhone, but images have been limited to grainy shots taken in component factories. However, this hyper-realistic concept created by WEIS Studio gives us the best idea yet of what Apple's thin device might actually look like. The concept design is inspired by recent leaks indicating that the device...

Top Rated Comments

macduke Avatar
123 months ago
Apple should block any developers who used counterfeit versions from being able to submit to the App Store. This level of stupidity shouldn't be allowed on their platform.
Score: 22 Votes (Like | Disagree)
nagromme Avatar
123 months ago
Band-Aid achieved. But it shouldn't be possible to do this in the first place--it's a security hole and one that could have been expected. Maybe have iTunes Connect only accept submissions from an unmodified Xcode? I'm not sure this is at all simple to implement, but I'm sure it's important to do so

Developers are to blame too--especially multi-person companies should know better. But the platform should still be protected from developers making mistakes--or being attacked in other as-yet-unknown ways that might make it possible to secretly modify their Xcode. After all, it's possible to choose to bypass the Mac's security features (like Gatekeeper), and some people have reasons to do so. Further checks from Apple's remote end are called for, I think.
Score: 6 Votes (Like | Disagree)
Icy1007 Avatar
123 months ago
Considering I am not an idiot and I downloaded Xcode from Apple's dev portal, I think my copy is clean.
Score: 5 Votes (Like | Disagree)
Jsameds Avatar
123 months ago
"Following last week's disclosure of new iOS malware called XcodeGhost ('https://www.macrumors.com/2015/09/20/xcodeghost-chinese-malware-faq/'), which arose from malicious versions of Xcode hosted on third-party servers, Apple has outlined instructions ('https://developer.apple.com/news/?id=09222015a') for developers to ensure the version of Xcode they are using is valid."


Step 1: Download Xcode from Apple.com


Congratulations, you now have a genuine version of Xcode ;)
Score: 5 Votes (Like | Disagree)
jasnw Avatar
123 months ago
On a tangent, but a strongly related one, what's to keep whomever put the malicious Xcode out on Baidu in the first place from having a house stable of devs building malicious apps using their own Xcode? From what I've read, Apple was unable to catch these apps from being borked in the first place. I've long had a healthy skepticism about accessing any critical (financial, medical, etc) websites from a mobile device, now I'm positively paranoid about it.
Score: 5 Votes (Like | Disagree)
TMRJIJ Avatar
123 months ago
When you find that an app on that list ('https://forums.macrumors.com/threads/what-you-need-to-know-about-ios-malware-xcodeghost.1918784/#post-21896151') is in your Home Screen



Attachment Image
Score: 4 Votes (Like | Disagree)