
Tuesday 22 September 2015

Validating Your Version of Xcode

Ghost in Xcode



Apple recently removed many apps from the App Store that were built with a fake version of Xcode. Most of these apps were submitted to the Chinese App Store.

The reason is that Apple's servers are very slow in China. Xcode is more than 3 GB, so downloading it directly from the App Store takes developers hours. As a result, they download Xcode from third-party mirror links instead. But this copy of Xcode is a malicious one, already infected by the hackers. When we build our apps with this version of Xcode, malicious code is injected into our apps.

So we must be very careful about where we get our Xcode from.

Apple already has a way to find malicious apps, available since OS X 8, called Gatekeeper, which warns the user whenever we try to run a malicious (not code-signed) application on our Mac. But if you have disabled Gatekeeper on your Mac, you won't get the warning.

Apple sent out emails to all developers asking them to check that they are using the right version of Xcode. To find out whether you are using an uninfected version of Xcode, run this command in the terminal:

spctl --assess --verbose /Applications/Xcode.app

More info on this here:
https://developer.apple.com/news/?id=09222015a
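
The check above can be scripted so that it fails unless Gatekeeper both accepts the bundle and reports an Apple source. This is an added example, not part of the original post: the function names are hypothetical, and the accepted source strings are the ones given in the Apple notice linked above, not on this page.

```shell
#!/bin/sh
# Added example: wrap `spctl --assess --verbose` and judge its output.
# Assumption: a genuine Xcode reports one of these sources (per Apple's notice):
#   "Mac App Store", "Apple", "Apple System"

# classify_spctl OUTPUT
#   prints "trusted" (returns 0), "unexpected-source" (2) or "rejected" (1)
classify_spctl() {
    cs_out=$1
    # The assessment line reads "<path>: accepted" or "<path>: rejected".
    case "$cs_out" in
        *": accepted"*) ;;
        *) echo "rejected"; return 1 ;;
    esac
    # The signer category follows "source=", on the same or the next line.
    cs_source=$(printf '%s\n' "$cs_out" | sed -n 's/^.*source=//p' | head -n 1)
    case "$cs_source" in
        "Mac App Store"|"Apple"|"Apple System")
            echo "trusted"; return 0 ;;
        *)
            # Accepted, but signed by someone other than Apple
            # (for example a third-party Developer ID): not a genuine Xcode.
            echo "unexpected-source"; return 2 ;;
    esac
}

# check_xcode [APP_PATH]: run spctl on the bundle and classify the result.
check_xcode() {
    cx_app=${1:-/Applications/Xcode.app}
    if ! command -v spctl >/dev/null 2>&1; then
        echo "spctl not found (this check only works on macOS)" >&2
        return 3
    fi
    # Capture both streams so the verdict is seen whichever one spctl uses.
    cx_out=$(spctl --assess --verbose "$cx_app" 2>&1)
    printf '%s\n' "$cx_out" >&2
    classify_spctl "$cx_out"
}

# Run as: sh check_xcode.sh --check [/path/to/Xcode.app]
if [ "${1:-}" = "--check" ]; then
    check_xcode "${2:-}"
fi
```

The script's exit status is non-zero for anything other than an accepted, Apple-sourced bundle, so it can gate a build machine's setup step.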
