Pages: [1]   Go Down
« previous next »
  Print  
Author Topic: Apple Outlines Steps for Developers to Validate Xcode Following Malware Attack  (Read 440 times)
HCK
Global Moderator
Hero Member
*****
Posts: 79425
« on: September 25, 2015, 09:00:07 am »
Apple Outlines Steps for Developers to Validate Xcode Following Malware Attack

Following last week's disclosure of new iOS malware called XcodeGhost, which arose from malicious versions of Xcode hosted on third-party servers, Apple has outlined instructions for developers to ensure the version of Xcode they are using is valid.
 
 <img src="" alt="XcodeGhost-Featured" width="736" height="248" class="aligncenter size-full wp-image-466154" />
 When downloading Xcode from the Mac App Store, or Apple's website so long as Gatekeeper is enabled, OS X automatically checks the app's code signature and validates it against Apple's code. If you must obtain Xcode elsewhere, follow these steps:
To verify the identity of your copy of Xcode run the following command in Terminal on a system with Gatekeeper enabled:
 spctl --assess --verbose /Applications/Xcode.app
 
 where /Applications/ is the directory where Xcode is installed. This tool performs the same checks that Gatekeeper uses to validate the code signatures of applications. The tool can take up to several minutes to complete the assessment for Xcode.
 
 The tool should return the following result for a version of Xcode downloaded from the Mac App Store:
 /Applications/Xcode.app: accepted
 source=Mac App Store
 
 and for a version downloaded from the Apple Developer web site, the result should read either
 /Applications/Xcode.app: accepted
 source=Apple
 
 or
 
 /Applications/Xcode.app: accepted
 source=Apple System
 
 Any result other than ‘accepted’ or any source other than ‘Mac App Store’, ‘Apple System’ or ‘Apple’ indicates that the application signature is not valid for Xcode. You should download a clean copy of Xcode and recompile your apps before submitting them for review.
Apple issued a statement in response to XcodeGhost over the weekend, noting that it has removed all infected apps it is aware of from the App Store and is working with developers to ensure they are using a legitimate version of Xcode.
"We’ve removed the apps from the App Store that we know have been created with this counterfeit software. We are working with the developers to make sure they’re using the proper version of Xcode to rebuild their apps."
XcodeGhost affected dozens, and possibly hundreds, of App Store apps. iPhone, iPad and iPod touch users should read what you need to know about XcodeGhost to learn more about the malware and how to keep yourself protected.
 
 
 Recent Mac and iOS Blog Stories
 • Apple Gives Roundhouse Music Venue 'Environmental Makeover'
 • How to Save Battery Life in iOS 9 With Low Power Mode
 • Apple Files Trademark Application for HomeKit 'Home' Icon
 • New 'Steve Jobs' TV Spot Calls Upcoming Movie a 'Must-See'
 • One Day Sale: $300 Discount on 2015 15" Retina MacBook Pro
 • Samsung May Follow Apple by Launching Smartphone Leasing Program
 • Nomad Review: The Pod is an Apple Watch Stand Made for Off-the-Grid Travel With its Built-In Battery
 • Buyer's Guide: Discounts on iPad Mini 3, Retina MacBook Pro, Apple Accessories and More
<br clear='all'/>

<a href="http://rc.feedsportal.com/r/238386214719/u/49/f/648327/c/35070/s/4a1221a8/sc/28/rc/1/rc.htm" rel="nofollow"><img src="http://rc.feedsportal.com/r/238386214719/u/49/f/648327/c/35070/s/4a1221a8/sc/28/rc/1/rc.img" border="0"/>[/url]

<a href="http://rc.feedsportal.com/r/238386214719/u/49/f/648327/c/35070/s/4a1221a8/sc/28/rc/2/rc.htm" rel="nofollow"><img src="http://rc.feedsportal.com/r/238386214719/u/49/f/648327/c/35070/s/4a1221a8/sc/28/rc/2/rc.img" border="0"/>[/url]

<a href="http://rc.feedsportal.com/r/238386214719/u/49/f/648327/c/35070/s/4a1221a8/sc/28/rc/3/rc.htm" rel="nofollow"><img src="http://rc.feedsportal.com/r/238386214719/u/49/f/648327/c/35070/s/4a1221a8/sc/28/rc/3/rc.img" border="0"/>[/url]

<img src="[url]http://da.feedsportal.com/r/238386214719/u/49/f/648327/c/35070/s/4a1221a8/sc/28/a2.img" border="0"/>[/url]
<img src="[url]http://adchoice.feedsportal.com/r/238386214719/u/49/f/648327/c/35070/s/4a1221a8/sc/28/ach.img" border="0"/>[/url]<img width="1" height="1" src="http://pi.feedsportal.com/r/238386214719/u/49/f/648327/c/35070/s/4a1221a8/sc/28/a2t.img" border="0"/><img width="1" height="1" src="http://pi2.feedsportal.com/r/238386214719/u/49/f/648327/c/35070/s/4a1221a8/sc/28/a2t2.img" border="0"/><img width='1' height='1' src='' border='0'/><div class="feedflare">
<img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=yIl2AUoC8zA" border="0"></img>[/url] <img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=6W8y8wAjSf4" border="0"></img>[/url] <img src="[url]http://feeds.feedburner.com/~ff/MacRumors-Front?d=qj6IDK7rITs" border="0"></img>[/url]
</div><img src="http://feeds.feedburner.com/~r/MacRumors-Front/~4/8_n4KxKSr44" height="1" width="1" alt=""/>

Source: Apple Outlines Steps for Developers to Validate Xcode Following Malware Attack
Logged
Pages: [1]   Go Up
  Print  
« previous next »
 
Jump to: