Developers who have downloaded Xcode from an non-Apple source now have a way to tell if the version their using is an official Apple version, or if it might be infected by XcodeGhost, which wreaked havoc on the App Store on Sunday.
Apple has outlined how to verify if you’re using a counterfeit version of Xcode in a new support document. Developers should always download Xcode directly from the Mac App Store or Developer Website, but if you haven’t, follow these steps to make sure your copy is legit:
1) Open Terminal
2) Run the following command: spctl –assess –verbose /Applications/Xcode.app
3) Wait a few minutes.
Terminal will return the following for Xcode downloaded from the Mac App Store:
/Applications/Xcode.app: accepted
source=Mac App Store
If you downloaded Xcode from the Developer Site it will return one of the following:
/Applications/Xcode.app: accepted
source=Apple
or
/Applications/Xcode.app: accepted
source=Apple System
If Terminal’s results are anything other than ‘accepted’ from any source other than ‘Mac App Store’, ‘Apple System’ or ‘Apple’, you have a version that doesn’t have a valid signature. Delete it, and go download a clean version from the dev site.
Source: Apple