Apple to Alert Users Who Installed Apps Compromised by XcodeGhost
Apple has added an XcodeGhost question and answer page to its Chinese website today that explains what the malware is, how some users may be affected and next steps the company is taking to ensure that developers and end users alike are protected against malicious software going forward.
Apple claims that it has no evidence to suggest that XcodeGhost has been used for anything malicious, such as the transmission of personally identifiable information, stipulating that the code is only able to deliver some general information about apps and system information.
Nevertheless, Apple says it is working closely with developers and will soon list the top 25 most popular apps impacted by XcodeGhost on its Chinese website. The company will also be alerting users to let them know if they have downloaded apps that could have been compromised. Many affected apps have since been updated and are no longer infected by XcodeGhost.
Relevant portions of the Apple FAQ for users:
How does this affect me? How do I know if my device has been compromised?
We have no information to suggest that the malware has been used to do anything malicious or that this exploit would have delivered any personally identifiable information had it been used.
We’re not aware of personally identifiable customer data being impacted and the code also did not have the ability to request customer credentials to gain iCloud and other service passwords.
As soon as we recognized these apps were using potentially malicious code we took them down. Developers are quickly updating their apps for users.
Malicious code could only have been able to deliver some general information such as the apps and general system information.
Is it safe for me to download apps from App Store?
We have removed the apps from the App Store that we know have been created with this counterfeit software and are blocking submissions of new apps that contain this malware from entering the App Store.
We’re working closely with developers to get impacted apps back on the App Store as quickly as possible for customers to enjoy.
A list of the top 25 most popular apps impacted will be listed soon so users can easily verify if they have downloaded the latest versions of these apps. After the top 25 impacted apps, the number of impacted users drops significantly.
Customers will be receiving more information letting them know if they’ve downloaded an app/apps that could have been compromised. Once a developer updates their app, that will fix the issue on the user’s device once they apply that update.
We’re working to make it faster for developers in China to download Xcode betas. To verify that their version of Xcode has not been altered, they can take the following steps posted at
iPhone, iPad and iPod touch users should also read our XcodeGhost FAQ to learn more about the malware and how to keep yourself protected.
Apple also outlined steps for developers to validate Xcode using Terminal on OS X.
Popular Stories
iOS 17.2 has been in beta testing for over a month, and it should be released to all users in a few more weeks. The software update includes many new features and changes for iPhones, including the dozen that we have highlighted below. iOS 17.2 is expected to be released to the public in mid-December. To learn about even more features coming in the update, check out our full list. Journal ...
Unidentified governments are surveilling smartphone users by tracking push notifications that move through Google's and Apple's servers, a US senator warned on Wednesday (via Reuters). In a letter to the Department of Justice, Senator Ron Wyden said foreign officials were demanding the data from the tech giants to track smartphones. The traffic flowing from apps that send push notifications...
Apple today released new firmware update for both the Lightning and USB-C versions of the AirPods Pro 2. The new firmware is version 6B34, up from the 6B32 firmware introduced in November. Apple does not provide details on what features might be included in the refreshed firmware beyond "bug fixes and other improvements," so it is unclear what's new in the update, but prior software releases ...
Apple's Korean suppliers have begun developing smartphone under-display cameras (UDC), paving the way for the first iPhone with a true "all-screen" appearance. According to The Elec, LG Innotek has entered the preliminary development of the UDC, which sits under the display and does not result in a visible hole in the panel when the camera is not in use. A UDC differs from a typical front ...
The iOS 17.2 update that Apple is set to release to the public in the near future will bring support for the next-generation Qi2 wireless charging standard to the iPhone 13 and iPhone 14 models. Qi2 was mentioned in the release notes for the RC version of the update that came out today. With the addition of support for the new standard, iPhone 13 and iPhone 14 models will work with Qi2...
Recently, MacRumors has received details on the battery currently being tested on the upcoming fourth-generation iPhone SE, and the information corroborates previous findings in relation to the device. The iPhone SE 4, known by its device identifier D59, is expected to use the exact same battery found in the base model iPhone 14. Partially assembled prototypes of the next iPhone SE have been ...
Today we're tracking a collection of deals that are matching - or nearly matching - the same all-time low discounts we saw during Black Friday. This includes the AirPods Pro 2 with USB-C, 9th generation iPad, and M1 MacBook Air. Note: MacRumors is an affiliate partner with some of these vendors. When you click a link and make a purchase, we may receive a small payment, which helps us keep the ...
Meta has revealed plans to end Instagram users' ability to chat with Facebook accounts later this month, rolling back a feature that it introduced over three years ago. In September 2020, Meta (then Facebook) announced it was merging its Facebook Messenger service with Instagram direct messaging, allowing Instagram users to chat with Facebook users and vice versa using the same platform....
Top Rated Comments
Corruption can happen anywhere. It just so happens that a lot of low cost, under-regulated business is happening in China right now. Germany, the US, and Japan don't have that excuse, but they let it happen too. I think it's easy to fall back on stereotypes and say that the events in some countries are "unique" and in other countries it's "endemic" without thinking it through.
Edit: I just noticed you said "internet common sense", which I recognize as being different from actual common sense...
Apps removed, users informed personally, C&C server taken down, devs notified. What's left for Apple to do, run around with their pants on their heads?
What bothers me a little bit is that they really don't respond quickly to outside reports of vulnerabilities until they threaten bad press. I almost think they think security through very carefully, and have many very competent people focused on the problem, but suffer from some arrogance induced blindness.
Why are they only sharing this information in China-- some of those apps are used globally.
Why did this take so long to provoke a reaction? When this report first came out 6 days ago, Apple should have sounded an internal alarm and gotten information within hours that would lead to action the same day.
I get that this isn't the end of the world, it's most likely a minor trojan that was mostly likely thwarted by Apple's security design. Still, it shouldn't be taken this casually. I don't care if the big picture impact is minimal-- we rely on App Store review to protect us from this nonsense, and it was circumvented because someone created a rogue version of an Apple branded product. I'd feel much more comfortable if Apple had moved on this more aggressively.