
XcodeGhost used unprecedented infection strategy against Apple

Gregg Keizer | Sept. 30, 2015
Incautious iOS developers were duped into seeding their work with malformed code via bootleg Xcode toolset

Gatekeeper is a feature in OS X -- the development platform for iOS as well as Mac apps -- that by default allows users to install only software downloaded from the Mac App Store or software digitally signed by a registered developer, including Apple. Gatekeeper debuted in 2012's Mountain Lion, but is often disabled by advanced users so that they can download third-party software not distributed through the Mac App Store.

Wei echoed Apple as he chastised the developers who grabbed the fake Xcode without checking its validity. "Developers have the responsibility to confirm that [Xcode] came from Apple and was unchanged," Wei said. "They should have used caution, and confirmed the hash value of the download."

Guerra warned that sneaky strategies like XcodeGhost are only part of a bigger problem. "This is a part of the trend that will only increase," he said. "As more and more users are doing things on mobile, attackers are finding more ways to infiltrate into mobile."

 
