Xcode Ghost

Posted: Tue Sep 22, 2015 9:36 am
by Stephen Hart
Here's a pretty good article about the Xcode Ghost problem that's in the news.

Summary:
• Some developers in China downloaded a pirated (and altered) version of Xcode from a Chinese software-distribution site. :!:
• For that altered version of Xcode to start the first time, Gatekeeper had to be turned off or overridden. :!:
• New versions of some apps were compiled with this altered version of Xcode and contained malware.
• All those tainted versions have been removed from the App Store by Apple. :)

Xcode is Apple's free software development environment.


https://nakedsecurity.sophos.com/2015/0 ... e-present/

Re: Xcode Ghost

Posted: Wed Sep 23, 2015 1:54 pm
by Stephen Hart
More info:

http://www.macnn.com/articles/15/09/22/ ... ck.130521/

Here's the Apple explanation:

https://www.apple.com/cn/xcodeghost/#english

Key points from Apple:
• Some developers downloaded counterfeit versions of Xcode that have been infected with malware and created apps that were just as infected.
• Apple incorporates technologies like Gatekeeper expressly to prevent non-App Store and/or unsigned versions of programs, including Xcode, from being installed. Those protections had to have been deliberately disabled by the developer for something like XcodeGhost to successfully install.
• We have no information to suggest that the malware has been used to do anything malicious or that this exploit would have delivered any personally identifiable information had it been used.

It's still not clear to me whether any of the tainted apps reached the US Apple Store. This article helps a bit, but not much:
http://www.cultofmac.com/389703/faq-eve ... tore-hack/