Apple is taking steps to avoid a repeat of this week’s serious XcodeGhost incident — in which hundreds of App Store apps were discovered to include malware in the form of a counterfeit version of Xcode, the platform used by developers to build their apps.
Developers who have downloaded Xcode from an non-Apple source now have a way to tell if the version their using is an official Apple version, or if it might be infected by XcodeGhost, which wreaked havoc on the App Store on Sunday.
Apple has outlined how to verify if you’re using a counterfeit version of Xcode in a new support document. Developers should always download Xcode directly from the Mac App Store or Developer Website, but if you haven’t, follow these steps to make sure your copy is legit:
The App Store suffered its worst security breach in history over the weekend, when it was discovered that hundreds of Chinese apps have a malicious program dubbed ‘XcodeGhost’ embedded in their software.
The huge security lapse made its way into legitimate apps thanks to Chinese developers who used a counterfeit version of Apple’s Xcode software that was uploaded to file sharing service Baidu. By using XcodeGhost to compile their apps, developers accidentally allowed the malicious code to be distributed through the App Store.
Apple has pulled infected apps off the store to stop stop the spread, but users still need to delete XcodeGhost apps off their devices manually. Most of the apps infected are mostly used in China, however some big name apps like WeChat, Angry Birds 2, and Didi Chuxing (Uber’s biggest rival in China) were also hit.