Apple warns developers to verify Xcode
Apple says developer tool should only be downloaded from official websites to avoid another malware attack
Apple is warning app developers to check their version of Xcode isn't counterfeit after malicious apps snuck into the App Store.
Xcode is Apple's integrated development environment (IDE) for making iOS and OS X apps. A piece of malware called XcodeGhost uses the IDE to infect apps without developers knowing, sitting in otherwise normal apps to steal data, such as your name or password. That attack is considered the first major successful App Store hack, though it is largely focused on the Chinese side of the market.
"We recently removed apps from the App Store that were built with a counterfeit version of Xcode which had the potential to cause harm to customers," the company admitted in a message to developers on its website.
Apple advised developers to always download Xcode directly from the Mac App Store or Apple Developer website, and to leave the Gatekeeper security tool enabled all the time.
The company explained that downloading Xcode from an official site means the code is verified and validated. If you got it from a different source - including a USB drive or over a local network - you can easily verify it using the instructions here.
If the application signature isn't verified, Apple said "you should download a clean copy of Xcode and recompile your apps before submitting them for review".
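The signature check described above can be scripted. This is an added example, not part of the original article and not Apple's own code: it classifies the output of macOS's Gatekeeper command `spctl --assess --verbose`, treating only the three sources Apple's validation notice names for genuine Xcode as trusted. The function names and the sample outputs are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether Gatekeeper's assessment of Xcode.app is trustworthy.

# classify_spctl_output TEXT
# Returns 0 only when the verdict is "accepted" AND the source is one Apple
# lists for genuine Xcode builds; returns 1 for anything else.
classify_spctl_output() {
    out=$1
    # First line looks like "<path>: accepted" or "<path>: rejected".
    printf '%s\n' "$out" | grep -q ': accepted$' || return 1
    src=$(printf '%s\n' "$out" | sed -n 's/^source=//p' | head -n 1)
    case "$src" in
        "Mac App Store"|"Apple"|"Apple System") return 0 ;;
        *) return 1 ;;   # a third-party signature, or no source line at all
    esac
}

# verify_xcode [APP_PATH]: run the real check on macOS.
verify_xcode() {
    app=${1:-/Applications/Xcode.app}
    command -v spctl >/dev/null 2>&1 || { echo "spctl not found (macOS only)" >&2; return 2; }
    # spctl prints its assessment on stderr and exits non-zero on rejection.
    result=$(spctl --assess --verbose "$app" 2>&1) || true
    if classify_spctl_output "$result"; then
        echo "OK: $app is signed by Apple"
    else
        echo "FAIL: $app did not validate; download a clean copy and recompile" >&2
        return 1
    fi
}

# Constructed sample outputs (not captured from a real machine).
SAMPLE_APPSTORE='/Applications/Xcode.app: accepted
source=Mac App Store'
SAMPLE_DEVSITE='/Applications/Xcode.app: accepted
source=Apple'
SAMPLE_OTHER_SIGNER='/Applications/Xcode.app: accepted
source=Developer ID'
SAMPLE_REJECTED='/Applications/Xcode.app: rejected'

# Run the live check only when a path is passed: sh verify_xcode.sh /Applications/Xcode.app
if [ "$#" -gt 0 ]; then
    verify_xcode "$1"
fi
```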
Apple head of marketing Phil Schiller told a Chinese news agency that the XcodeGhost malware was able to spread so widely in China because many developers there download the IDE from locally hosted unofficial sites, as it takes too long to get it from the US Apple sites thanks to internet controls in the country. Apple will be setting up a locally hosted official download site to avoid the problem in the future.
What should users do?
Security firm Lookout has issued a to-do list for any affected iPhone users.
If any of the infected apps - listed here - are on your phone, either update them to a fixed version or delete them immediately.
It's worth changing your Apple ID password, and if you've used the same credentials on other accounts, use a fresh one for those too.
More generally, be wary of suspicious emails or push notifications, especially those asking for personal information.
Apple has also said it will be alerting users if they downloaded an infected app.