Apple takes steps to avoid a repeat of XcodeGhost debacle


Double-check that you're using the right version of Xcode to build apps.
Apple will provide Chinese users with a local official version of Xcode to download.

Apple is taking steps to avoid a repeat of this week’s serious XcodeGhost incident, in which hundreds of App Store apps were discovered to include malware because they were built with a counterfeit version of Xcode, the platform used by developers to build their apps.

The dodgy Xcode spread in China because it was quicker for developers to download it than it was for them to source the official Xcode from Apple’s servers.

“In the U.S. it only needs 25 minutes to download,” Phil Schiller told Chinese publication Sina. In China, however, he says that it “may take three times as long” for developers to get Xcode due to slower Internet speeds. To get around the problem, Apple will soon be providing an official version of Xcode for developers to download domestically inside China.

Schiller says that Apple will reveal a list of the 25 apps it knows have been infected by XcodeGhost, although he stressed that the malware has not yet been shown to steal any information from users.

In the meantime, Apple has provided guidelines so that developers can make sure they’re not using a counterfeit version of Xcode in their apps. If you’re a dev, you can follow the instructions here to put yourself at ease.

Users can also check this list of what are believed to be all the affected apps so that they can delete them.

Source: Sina

Via: Cnet


