The recent breach of Apple App Store by XcodeGhost malware shook the technology industry. This is the sixth malware that has made its way into the official App store after LBTM, InstaStock, FindAndCall, Jekyll and FakeTor, according to Palo Alto Networks.
According to security firm, the scale of the attack is like nothing Apple has experienced before.
"We believe XcodeGhost is a very harmful and dangerous malware that has bypassed Apple's code review and made unprecedented attacks on the iOS ecosystem," the firm said.
The tech giant immediately attended the problem and has recently announced that that the apps created with the counterfeit software have been removed from the App Store. Moreover, it is also blocking submissions of new apps that contain the malware from entering the App Store.
“We’re working closely with developers to get impacted apps back on the App Store as quickly as possible for customers to enjoy”, said Apple. “A list of the top 25 most popular apps impacted will be listed soon so users can easily verify if they have downloaded the latest versions of these apps. After the top 25 impacted apps, the number of impacted users drops significantly.”
Apple incorporates technologies like Gatekeeper in order to prevent non-App Store and/or unsigned versions of programs, including Xcode, from being installed. The company cautions the app developers saying that they should always download Xcode directly from the Mac App Store, or from the Apple Developer website, and leave Gatekeeper enabled on all their systems to protect against tampered software.
As part of its efforts to tackle the malware problem, Apple issued commands that can be used by app developers to verify the identity of the Xcode copy. These commands need to be run in Terminal on a system with Gatekeeper enabled:
“spctl --assess --verbose /Applications/Xcode.app
where /Applications/ is the directory where Xcode is installed. This tool performs the same checks that Gatekeeper uses to validate the code signatures of applications. The tool can take up to several minutes to complete the assessment for Xcode.
The tool should return the following result for a version of Xcode downloaded from the Mac App Store:
/Applications/Xcode.app: accepted
source=Mac App Store
and for a version downloaded from the Apple Developer web site, the result should read either
/Applications/Xcode.app: accepted
source=Apple
or
/Applications/Xcode.app: accepted
source=Apple System
Any result other than ‘accepted’ or any source other than ‘Mac App Store’, ‘Apple System’ or ‘Apple’ indicates that the application signature is not valid for Xcode.”


Baige Online Shares Soar 333% in Hong Kong IPO Debut as AI Insurance Demand Lifts Chinese Listings
Apple Challenges India Antitrust Probe, Says CCI Copied Rivals’ Claims in App Store Case
OpenAI Proposes 5% U.S. Government Stake Amid AI Policy Talks
Chip Stocks Rally as Samsung and SK Hynix’s $1.3 Trillion Investment Plan Boosts AI Optimism
Nvidia Stock Rises as SemiAnalysis Sees AI Data Center Revenue Beating Wall Street Forecasts
Super Micro Shares Slide After Taiwan Raids Over Alleged Nvidia AI Chip Smuggling Probe
Anthropic Brings Claude AI Models to Microsoft Azure Foundry With NVIDIA Blackwell GPUs
Anthropic Restores Claude Fable 5 and Mythos 5 After U.S. Lifts AI Export Controls
Baidu Shares Rally as Kunlunxin Eyes $50 Billion Hong Kong IPO
TSMC CoWoS Capacity Forecast Raised as Mizuho Sees AI Server CPU Demand Surging Through 2027
Meta Stock Jumps as AI Cloud Expansion Challenges AWS, Microsoft, and Google
ShareChat Eyes 2027 IPO After Reaching Operational Profitability, Report Says
Trump Administration to Launch Voluntary AI Standards for Frontier Models
Kioxia Bets on AI Memory Boom With Next-Gen NAND Production in Japan
SoftBank Shares Slide as OpenAI IPO Delay Concerns Weigh on AI Investment Outlook
South Korea Alleges Google Abused Android App Store Dominance, Eyes Major Fine
Samsung to Invest $90 Billion in South Korea to Expand AI Chip, Display, and Battery Production 



