How to check your version of Xcode for infection ‘XcodeGhost’

You probably already know that several applications were infected with XcodeGhost malware, as developers based in China used a malicious version of Xcode, the official tool from Apple to develop iOS and OS X applications. Affected over 500 million users, XcodeGhost is the biggest security hit iOS.


The company Apple has now sent emails to developers with instructions on how they can test their version of Xcode to prevent similar incidents in the future.

We recently removed apps from App Store that were created with a fake version of Xcode that harmed clients. You should always download Xcode directly from the Mac App Store, or from the developer's website Apple, and leave Gatekeeper enabled on all your anti-counterfeiting systems.

Gatekeeper automatically verifies the code signature for Xcode and confirms that the code is signed Apple. However, if developers have downloaded Xcode from another source, then they should follow these steps to verify the integrity of their version of Xcode:

To verify the authenticity of your copy of Xcode, run the following command in a terminal on a system with Gatekeeper enabled:

spctl -assess -verbose /Applications/

where / Applications / is the directory where Xcode is installed. This tool performs the same checks as the Gatekeeper, using application code signing to verify. It may take a few minutes to complete the Xcode evaluation.

The tool should return the following output for the version of Xcode downloaded from Mac App Store:

/Applications/ accepted
source = Mac App Store

and for the version downloaded from the developer's website Apple, the result should be read either

/Applications/ accepted
source = Apple


/Applications/ accepted
source = Apple System

Любой результат, кроме ‘accepted’ или любой другой источник, кроме “Mac App Store ‘, ‘Apple System’ или’ ‘Apple, показывает, что подпись приложения is not valid for Xcode. You must download a clean copy of Xcode and recompile your applications before submitting them.

Surprisingly, apps iOS infected with malware have gone through the rigorous App Review process. So it remains to be seen what steps Apple will take to check applications presented in App Store that do not contain malware.

You can use the Pangu command tool to find out if there are any applications infected with XcodeGhost malware installed on your iOS device.

Rate article
Site about smartphones, instructions, advice, ratings.
Add a comment