September 22, 2015 Last Updated 7:53 am

Apple asks developers to validate Xcode

Bootleg version of Apple’s developer software called XcodeGhost has led to 300+ infected apps making it into the Apple App Store (which have since been removed by Apple)

The news that Apple ecosystem has been a hard one for hackers to infect, but an ingenious way around the problem turned out to be creating an infected version of Xcode, the software used to create apps, and then get developers to download, install and use it.

Xcode6-150That a developer would download a version of Xcode any place other than on the Apple developer site was always playing with fire, but apparently a number of developers did just that, downloading the infected version of Xcode from servers controlled by the Chinese Internet company Baidu.

“(W)e believe XcodeGhost is a very harmful and dangerous malware that has bypassed Apple’s code review and made unprecedented attacks on the iOS ecosystem. The techniques used in this attack could be adopted by criminal and espionage focused groups to gain access to iOS devices,” Palo Alto Networks reported.

Today Apple sent an email to developers asking them to make sure they only download Xcode from Apple, and to validate that they have a legitimate copy of the software if in doubt.

“We recently removed apps from the App Store that were built with a counterfeit version of Xcode which had the potential to cause harm to customers,” Apple wrote to developers. “You should always download Xcode directly from the Mac App Store, or from the Apple Developer website, and leave Gatekeeper enabled on all your systems to protect against tampered software.”

For instructions concerning validating your version of Xcode, go to this Apple developer support page here.

Comments are closed.