Developers who have downloaded Xcode from an non-Apple source now have a way to tell if the version their using is an official Apple version, or if it might be infected by XcodeGhost, which wreaked havoc on the App Store on Sunday.
Apple has outlined how to verify if you’re using a counterfeit version of Xcode in a new support document. Developers should always download Xcode directly from the Mac App Store or Developer Website, but if you haven’t, follow these steps to make sure your copy is legit:
1) Open Terminal
2) Run the following command: spctl –assess –verbose /Applications/Xcode.app
3) Wait a few minutes.
Terminal will return the following for Xcode downloaded from the Mac App Store:
/Applications/Xcode.app: accepted
source=Mac App Store
If you downloaded Xcode from the Developer Site it will return one of the following:
/Applications/Xcode.app: accepted
source=Apple
or
/Applications/Xcode.app: accepted
source=Apple System
If Terminal’s results are anything other than ‘accepted’ from any source other than ‘Mac App Store’, ‘Apple System’ or ‘Apple’, you have a version that doesn’t have a valid signature. Delete it, and go download a clean version from the dev site.
Source: Apple
Buster Hein is a freelance writer who lives in Phoenix, Arizona. Twitter: @bst3r.
3 responses to “How to tell if you’re using a counterfeit version of Xcode”
Smart formatting strikes again. Step 2 should be –assess and –verbose, with two single dashes not a fancy en dash that your text editor “helpfully” substituted for you when you copied and pasted. Also, a monospaced font would help impress that these are typed commands and console output, which were also in the original and lost in pastation.
Hey Buster, you misspelled counterfeit in the title, but got it right in the body.
it’s a lot easier than that. Did you download it from the Apple App Store. yes and you’re good. no and you probably have a jacked version
its free and you don’t have to be a developer so why wouldn’t you go to the source