XcodeGhost official statement from Apple
Ping!
If you want on or off the Mac Ping List, Freepmail me.
Posted on 09/25/2015 2:44:32 AM PDT by Swordmaker
Apple has posted an “XcodeGhost Q&A” information page:
I’ve heard about malicious apps created by XcodeGhost — what does this mean?
We always recommend developers use the free, secure tools we provide them — including Xcode — to ensure they’re creating the most secure apps for App Store customers. Some developers downloaded counterfeit versions of Xcode that have been infected with malware and created apps that were just as infected.
Apple incorporates technologies like Gatekeeper expressly to prevent non-App Store and/or unsigned versions of programs, including Xcode, from being installed. Those protections had to have been deliberately disabled by the developer for something like XcodeGhost to successfully install.
As part of providing developers the industry’s most advanced tools, Apple provides developers the following checks to ensure software is untampered:
- The Xcode app is code-signed by Apple.
- When you download Xcode from the Mac App Store the code signature for Xcode is automatically checked and validated by your system.
- When you download Xcode from the Apple Developer Program web site, the code signature for Xcode is automatically checked and validated by your system by default as long as Gatekeeper is not disabled.
Why would a developer put customers at risk by downloading counterfeit software?
Sometimes developers search for our tools on other, non-Apple sites in an effort to find faster downloads of developer tools.
We’re working to make it faster for developers in China to download Xcode betas. To verify that their version of Xcode has not been altered, they can take the following steps posted at.
How does this affect me? How do I know if my device has been compromised
We have no information to suggest that the malware has been used to do anything malicious or that this exploit would have delivered any personally identifiable information had it been used.
We’re not aware of personally identifiable customer data being impacted and the code also did not have the ability to request customer credentials to gain iCloud and other service passwords.
As soon as we recognized these apps were using potentially malicious code we took them down. Developers are quickly updating their apps for users.
Malicious code could only have been able to deliver some general information such as the apps and general system information.
Is it safe for me to download apps from App Store?
We have removed the apps from the App Store that we know have been created with this counterfeit software and are blocking submissions of new apps that contain this malware from entering the App Store.
We’re working closely with developers to get impacted apps back on the App Store as quickly as possible for customers to enjoy.
A list of the top 25 most popular apps impacted are listed below. After the top 25 impacted apps, the number of impacted users drops significantly.
If users have one of these apps, they should update the affected app which will fix the issue on the user’s device. If the app is available on App Store, it has been updated, if it isn’t available it should be updated very soon.
We will update this page with more information as it becomes available. Please check back from time to time.
• DiDi Taxi
• 58 Classified – Job, Used Cars, Rent
• Gaode Map – Driving and Public Transportation
• Railroad 12306
• Flush
• China Unicom Customer Service (Official Version)*
• CarrotFantasy 2: Daily Battle*
• Miraculous Warmth
• Call Me MT 2 – Multi-server version
• Angry Bird 2 – Yifeng Li’s Favorite*
• Baidu Music – A Music Player that has Downloads, Ringtones, Music Videos, Radio, and Karaoke
• DuoDuo Ringtone
• NetEase Music – An Essential for Radio and Song Download
• Foreign Harbor – The Hottest Platform for Oversea Shopping*
• Battle of Freedom (The MOBA mobile game)
• One Piece – Embark (Officially Authorized)*
• Let’s Cook – Receipes
• Heroes of Order & Chaos – Multiplayer Online Game*
• Dark Dawn – Under the Icing City (the first mobile game sponsored by Fan BingBing)*
• I Like Being With You*
• Himalaya FM (Audio Book Community)
• CarrotFantasy*
• Flush HD
• Encounter – Local Chatting Tool
* This app is currently not available on the App Store.
If you want on or off the Mac Ping List, Freepmail me.
Maybe I’m reading this wrong... But it says TOP 25 not all infected apps. So how many apps were impacted?
Sorry, not buying it that those app makers didn’t know to get from a real Apple site. I think they knew what they were doing and probable talked some kickback money.
Ok, read your second post this time. Wasn’t official apps after all.
Apple has no control over apps distributed by private party.
In one story I read the Apple store had non-infected versions, while most others state that even the Apple store version was infected but those infected versions have now been removed from the store.
So the number of store apps was much lower than the 4000 infected apps claimed, but probably higher than 25 or even 100. Most infected apps outside of the Top 25 were so obscure that their downloads were measured in tens.
They knew. . . a but and that's a possibility, but low on the probability scale especially for the paid apps and most popular ad supported apps where millions of Yuan are on the line. Human nature is probably more to blame.
China required Apple to host their App store on China Telecom's servers. As I understand it China Telecom provided very slow download service for getting apps and Xcode is fairly large as it includes all the APIs as well as the programing language. An alternative was long-distance downloading from international sourcing. . . which is throttled in China. It could take several hours to download. Impatience shot them down.
Several third-party servers for jail-broken apps offered them a free, fast download of Xcode they could get in minutes. . . which tricked them into downloading the XcodeGhost version. These sites told them they had to turn of Gatekeeper for this download because it wasn't an "official site". I doubt they knew they were getting a malicious version of Xcode. These are often their own companies' products that would bear the brunt of blame and potential lawsuits when it would be found out. It was impatience and desire to get started as soon as possible on programing among the programers. It could have been just one programmer in an entire company who "couldn't wait," doing it even against company policy. That's all it would take.
Apple's CEO is meeting with China's president this week while he is in the USA and as I understand it one of the topics under discussion is China's requirement that Apple's China App store being hosted on China Telecom. Apple very much wants to host it on it's own servers in China so it can provision it with much faster service. They have so far convinced China Telecom to increase the speed of app download. . . and they are working with the developers to get the apps that were infected back into the China App store with clean versions.
These are also only the top 25 apps that Apple removed from the Apple App store in China. . . and would not list any from the Jail-Broken App stores as Apple would not be concerned with them. Jail-Broken apps would have been created with Xcode or XcodeGhost as well. There are over a dozen third-party jail-broken app stores in China, with three major ones equivalent to Cydia in the West
As to total numbers, not the total ~4000 plus, seen on the C2 network, but probably under 50 actually on the Apple Store in China. I think the original report of 39 is probably close to correct. That is the number that was reported pulled from the Chinese Apple App Store and I've not seen a revised number for the Apple App Store.
The only revised numbers I've seen reported have been for what's being seen on C2. These ~4000 were apps that were analyzed moving data of the right type on the C2 network, which is the China segment of the Internet, not the Apps actually counted on the Apple App store.
It is logical to conclude that some of those were obviously from the Apple App Store. . . but the majority had to be from jail-broken stores: their titles had not ever existed on Apple's store.
I’m trying to figure out why a developer, who can get all the tools necessary to develop apps for the App Store for FREE - would instead download pirated versions -
I really see this, not as an error - but as intentional - those using these corrupted versions of Xcode are using these altered versions for a REASON - that is to intentionally spread malware.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.