XcodeGhost


'XcodeGhost' Articles

Apple Lists Top 25 Apps Compromised by XcodeGhost Malware

Apple has updated its XcodeGhost FAQ on its Chinese website with a list of the top 25 most popular App Store apps that were compromised by the malware. The list includes some notable apps such as WeChat, Heroes of Order & Chaos and a localized version of Angry Birds 2. Apple advises that users should update the affected apps to fix the issue, noting that if a listed app is available on the App Store right now, it has already been updated. Apps with an asterisk are currently not available on the App Store, but Apple says they should be updated very soon. WeChat DiDi Taxi 58 Classified - Job, Used Cars, Rent Gaode Map - Driving and Public Transportation Railroad 12306 Flush China Unicom Customer Service (Official Version)* CarrotFantasy 2: Daily Battle* Miraculous Warmth Call Me MT 2 - Multi-server version Angry Birds 2 - Yifeng Li’s Favorite* Baidu Music - Music Player with Downloads, Ringtones, Music Videos, Radio & Karaoke DuoDuo Ringtone NetEase Music - An Essential for Radio and Song Download Foreign Harbor - The Hottest Platform for Oversea Shopping* Battle of Freedom (The MOBA mobile game) One Piece - Embark (Officially Authorized)* Let’s Cook - Receipes Heroes of Order & Chaos - Multiplayer Online Game* Dark Dawn - Under the Icing City (the first mobile game sponsored by Fan BingBing)* I Like Being With You* Himalaya FM (Audio Book Community) CarrotFantasy* Flush HD Encounter - Local Chatting Tool Apple has been working to remove all apps compromised by XcodeGhost from the App Store, but some affected apps may remain available for

Apple to Alert Users Who Installed Apps Compromised by XcodeGhost

Apple has added an XcodeGhost question and answer page to its Chinese website today that explains what the malware is, how some users may be affected and next steps the company is taking to ensure that developers and end users alike are protected against malicious software going forward. Apple claims that it has no evidence to suggest that XcodeGhost has been used for anything malicious, such as the transmission of personally identifiable information, stipulating that the code is only able to deliver some general information about apps and system information. Nevertheless, Apple says it is working closely with developers and will soon list the top 25 most popular apps impacted by XcodeGhost on its Chinese website. The company will also be alerting users to let them know if they have downloaded apps that could have been compromised. Many affected apps have since been updated and are no longer infected by XcodeGhost. Relevant portions of the Apple FAQ for users:How does this affect me? How do I know if my device has been compromised? We have no information to suggest that the malware has been used to do anything malicious or that this exploit would have delivered any personally identifiable information had it been used. We’re not aware of personally identifiable customer data being impacted and the code also did not have the ability to request customer credentials to gain iCloud and other service passwords. As soon as we recognized these apps were using potentially malicious code we took them down. Developers are quickly updating their apps for users.

Apple Outlines Steps for Developers to Validate Xcode Following Malware Attack

Following last week's disclosure of new iOS malware called XcodeGhost, which arose from malicious versions of Xcode hosted on third-party servers, Apple has outlined instructions for developers to ensure the version of Xcode they are using is valid. When downloading Xcode from the Mac App Store, or Apple's website so long as Gatekeeper is enabled, OS X automatically checks the app's code signature and validates it against Apple's code. If you must obtain Xcode elsewhere, follow these steps:To verify the identity of your copy of Xcode run the following command in Terminal on a system with Gatekeeper enabled: spctl --assess --verbose /Applications/Xcode.app where /Applications/ is the directory where Xcode is installed. This tool performs the same checks that Gatekeeper uses to validate the code signatures of applications. The tool can take up to several minutes to complete the assessment for Xcode. The tool should return the following result for a version of Xcode downloaded from the Mac App Store: /Applications/Xcode.app: accepted source=Mac App Store and for a version downloaded from the Apple Developer web site, the result should read either /Applications/Xcode.app: accepted source=Apple or /Applications/Xcode.app: accepted source=Apple System Any result other than ‘accepted’ or any source other than ‘Mac App Store’, ‘Apple System’ or ‘Apple’ indicates that the application signature is not valid for Xcode. You should download a clean copy of Xcode and recompile your apps before submitting them for review.Apple issued a statement in response

What You Need to Know About iOS Malware XcodeGhost

Earlier this week, Chinese developers disclosed new iOS malware called XcodeGhost on microblogging service Sina Weibo. U.S. cybersecurity firm Palo Alto Networks has since published details about the malware. MacRumors has created a FAQ so you can learn more about XcodeGhost and how to keep your iOS devices protected. What is XcodeGhost? XcodeGhost is a new iOS malware arising from a malicious version of Xcode, Apple's official tool for developing iOS and OS X apps. How is XcodeGhost distributed? A malicious version of Xcode was uploaded to Chinese cloud file sharing service Baidu and downloaded by some iOS developers in China. Chinese developers then unknowingly compiled iOS apps using the modified Xcode IDE and distributed those infected apps through the App Store. Those apps then managed to pass through Apple's code review process, enabling iOS users to install or update the infected apps on their devices. Which devices are affected? iPhone, iPad and iPod touch models running an iOS version compatible with any of the infected apps. The malware affects both stock and jailbroken devices. Which apps are affected? Palo Alto Networks has shared a full list of over 50 infected iOS apps, including WeChat, NetEase Cloud Music, WinZip, Didi Chuxing, Railway 12306, China Unicom Mobile Office and Tonghuashun. How many users are affected? XcodeGhost potentially affects more than 500 million iOS users, primarily because messaging app WeChat is very popular in China and the Asia-Pacific region. Which unofficial versions of Xcode are affected? All