Apple Outlines Steps for Developers to Validate Xcode Following Malware Attack

Following last week's disclosure of new iOS malware called XcodeGhost, which arose from malicious versions of Xcode hosted on third-party servers, Apple has outlined instructions for developers to ensure the version of Xcode they are using is valid.

XcodeGhost-Featured
When downloading Xcode from the Mac App Store, or Apple's website so long as Gatekeeper is enabled, OS X automatically checks the app's code signature and validates it against Apple's code. If you must obtain Xcode elsewhere, follow these steps:

To verify the identity of your copy of Xcode run the following command in Terminal on a system with Gatekeeper enabled:
spctl --assess --verbose /Applications/Xcode.app

where /Applications/ is the directory where Xcode is installed. This tool performs the same checks that Gatekeeper uses to validate the code signatures of applications. The tool can take up to several minutes to complete the assessment for Xcode.

The tool should return the following result for a version of Xcode downloaded from the Mac App Store:
/Applications/Xcode.app: accepted
source=Mac App Store

and for a version downloaded from the Apple Developer web site, the result should read either
/Applications/Xcode.app: accepted
source=Apple

or

/Applications/Xcode.app: accepted
source=Apple System

Any result other than ‘accepted’ or any source other than ‘Mac App Store’, ‘Apple System’ or ‘Apple’ indicates that the application signature is not valid for Xcode. You should download a clean copy of Xcode and recompile your apps before submitting them for review.

Apple issued a statement in response to XcodeGhost over the weekend, noting that it has removed all infected apps it is aware of from the App Store and is working with developers to ensure they are using a legitimate version of Xcode.

"We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps."

XcodeGhost affected dozens, and possibly hundreds, of App Store apps. iPhone, iPad and iPod touch users should read what you need to know about XcodeGhost to learn more about the malware and how to keep yourself protected.

Top Rated Comments

macduke Avatar
68 months ago
Apple should block any developers who used counterfeit versions from being able to submit to the App Store. This level of stupidity shouldn't be allowed on their platform.
Score: 22 Votes (Like | Disagree)
nagromme Avatar
68 months ago
Band-Aid achieved. But it shouldn't be possible to do this in the first place--it's a security hole and one that could have been expected. Maybe have iTunes Connect only accept submissions from an unmodified Xcode? I'm not sure this is at all simple to implement, but I'm sure it's important to do so

Developers are to blame too--especially multi-person companies should know better. But the platform should still be protected from developers making mistakes--or being attacked in other as-yet-unknown ways that might make it possible to secretly modify their Xcode. After all, it's possible to choose to bypass the Mac's security features (like Gatekeeper), and some people have reasons to do so. Further checks from Apple's remote end are called for, I think.
Score: 6 Votes (Like | Disagree)
Icy1007 Avatar
68 months ago
Considering I am not an idiot and I downloaded Xcode from Apple's dev portal, I think my copy is clean.
Score: 5 Votes (Like | Disagree)
Jsameds Avatar
68 months ago
"Following last week's disclosure of new iOS malware called XcodeGhost ('https://www.macrumors.com/2015/09/20/xcodeghost-chinese-malware-faq/'), which arose from malicious versions of Xcode hosted on third-party servers, Apple has outlined instructions ('https://developer.apple.com/news/?id=09222015a') for developers to ensure the version of Xcode they are using is valid."


Step 1: Download Xcode from Apple.com


Congratulations, you now have a genuine version of Xcode ;)
Score: 5 Votes (Like | Disagree)
jasnw Avatar
68 months ago
On a tangent, but a strongly related one, what's to keep whomever put the malicious Xcode out on Baidu in the first place from having a house stable of devs building malicious apps using their own Xcode? From what I've read, Apple was unable to catch these apps from being borked in the first place. I've long had a healthy skepticism about accessing any critical (financial, medical, etc) websites from a mobile device, now I'm positively paranoid about it.
Score: 5 Votes (Like | Disagree)
TMRJIJ Avatar
68 months ago
When you find that an app on that list ('https://forums.macrumors.com/threads/what-you-need-to-know-about-ios-malware-xcodeghost.1918784/#post-21896151') is in your Home Screen



Attachment Image
Score: 4 Votes (Like | Disagree)

Top Stories

0 Deals Hero

Black Friday 2020: Best Apple Deals to Plan For

Saturday November 21, 2020 10:00 am PST by
In the lead-up to Black Friday next week, we've been putting a spotlight on the best deals coming from various retailers like Best Buy and Walmart. In an effort to further prepare our readers for the best Black Friday deals, we're breaking down what we think should be on your radar for Black Friday in 2020. Note: MacRumors is an affiliate partner with some of these vendors. When you click a...
m1 mac mini vignette

Apple Lists M1-Based Mac Mini Logic Boards With 10 Gigabit Ethernet in Internal Parts Ordering System

Friday November 20, 2020 9:32 am PST by
While the new Mac mini with the M1 chip is only available with Gigabit Ethernet, Apple has listed multiple M1-based Mac mini logic boards with 10 Gigabit Ethernet in an internal parts list for Apple Authorized Service Providers. For every Mac mini logic board with Gigabit Ethernet in the parts list, obtained by MacRumors, there is a corresponding logic board with 10 Gigabit Ethernet:...
new m1 chip

Craig Federighi: Native Windows on M1 Macs is 'Really up to Microsoft'

Friday November 20, 2020 11:57 am PST by
Following the release of the M1 Macs Apple executives have been doing interviews with a range of publications, and today, Ars Technica published another interview with software engineering chief Craig Federighi, hardware technologies lead Johny Srouji, and marketing VP Greg Joswiak. Much of the interview focuses on topics that the three have already covered in prior discussions, but there is ...
14

Apple Releases iOS 14.2.1 With Fix for Text Message Bug and iPhone 12 Mini Lock Screen Issues

Thursday November 19, 2020 10:16 am PST by
Apple today released iOS 14.2.1, a bug fix update that comes two weeks after the launch of iOS 14.2 and is available for Apple's new iPhone 12 models. The iOS 14.2.1 update can be downloaded for free and it is available on all eligible devices over-the-air in the Settings app. To access the new software, go to Settings > General > Software Update. According to Apple's release notes, iOS...
Walmart November Deals Hero

Black Friday Spotlight: Walmart Will Have AirPods Pro Down to Lowest Price of $169, and More Apple Deals

Thursday November 19, 2020 8:05 am PST by
We've been tracking early Black Friday deals in our dedicated Black Friday Roundup, and in an effort to prepare our readers for the big shopping event we're highlighting sales store-by-store in the lead-up to November 27. Note: MacRumors is an affiliate partner with Walmart. When you click a link and make a purchase, we may receive a small payment, which helps us keep the site running. Next ...
apple leather sleeve

Leather Sleeve for iPhone 12 Models Now Available From Apple

Friday November 20, 2020 12:16 pm PST by
Apple today began selling the Leather Sleeve for the new iPhone 12 models, with the accessory having first been announced alongside the updated iPhones in October. Priced at $129, the Leather Sleeve is not a case and is designed to be removed when the iPhone is in use. It features a cutout at the front that displays the time, and it comes with a matching leather strap. According to Apple, it ...
iOS14AntitrackFacebookSadfeature

Apple Confirms Commitment to App Tracking Transparency in Letter Condemning Facebook's Data Collection [Updated]

Thursday November 19, 2020 11:58 am PST by
Apple in iOS 14 is planning to introduce a new App Tracking Transparency feature that will let users know when companies want to track them across apps and website. Following outcry from developers like Facebook and ad networks unprepared for the change, Apple delayed the implementation of the anti-tracking functionality until early 2021. Eight civil society organizations recently sent a...
maxresdefault

CrossOver Allows x86 Windows Apps to Run on Apple M1 Macs

Wednesday November 18, 2020 6:07 pm PST by
Codeweavers posted a blog post and video tonight showing off CrossOver running on an Apple M1 MacBook Air. This video shows Team Fortress 2 running on a new M1 MacBook Air: CrossOver is software (based on Wine Project) that runs Microsoft Windows apps on the Mac by translating Windows APIs into their Mac equivalents. The Codeweavers team was able to run the current version of CrossOver on...
macbookpro13large

Apple Offers Instructions on What to Do if macOS Big Sur Causes Installation Errors on 2013 and 2014 MacBook Pro

Thursday November 19, 2020 6:12 pm PST by
Following the release of macOS Big Sur last week, a number of 2013 and 2014 MacBook Pro owners found that the update bricked their machines. Affected users saw their Macs get stuck displaying a black screen after attempting to install the new software. Apple has now addressed this issue in a new support document that provides instructions on what to do if macOS Big Sur can't be installed on...
128gb m1 macbook air education cropped

$799 M1 MacBook Air With 128GB Storage for Education Institutions Spotted Online

Friday November 20, 2020 5:15 am PST by
A new configuration of the M1 MacBook Air with 128GB of storage and a lower $799 price has today been spotted on Apple's U.S. Education Institution Hardware and Software Price List. The M1 MacBook Air is only available with 256GB, 512GB, 1TB, or 2TB of storage. There is currently no 128GB configuration on the Apple Store. However, Reddit user "u/dduci97" noticed that Apple has listed...