Apple’s App Store has seen a number of compromised apps being introduced, infected with the XcodeGhost malware. This was caused by developers, mostly in China, installing tweaked versions of Xcode, the app used to develop apps for iOS and OS X.
Apple has published instructions explaining how to validate your version of Xcode. As Apple says,
When you download Xcode from the Mac App Store, OS X automatically checks the code signature for Xcode and validates that it is code signed by Apple. When you download Xcode from the Apple Developer website, the code signature is also automatically checked and validated by default as long as you have not disabled Gatekeeper.
Whether you downloaded Xcode from Apple or received Xcode from another source, such as a USB or Thunderbolt disk, or over a local network, you can easily verify the integrity of your copy of Xcode.
If you’ve gotten Xcode from channels other than the Mac App Store or Apple’s Developer website, make sure to check your copy.
I followed Apple’s instructions, and I get this:
/Applications/Xcode.app: invalid resource directory (directory or signature have been modified)
I’m a bit curious about this. I downloaded my copy from the Mac App Store, and I don’t see how anything can be wrong with it…
HA! how great, I just checked my xcode with the command spctl –assess –verbose /Applications/Xcode.app and found out that it has been compromised, whats worse is the xcode came preinstalled when I bought my mac brand new just 1.5 years ago. WOW! Now I have an app that has been pending review for 6 days that I will have to remove and recompile, GREAT! NOTHING COULD BE BETTER!
HA! how great, I just checked my xcode with the command spctl –assess –verbose /Applications/Xcode.app and found out that it has been compromised, whats worse is the xcode came preinstalled when I bought my mac brand new just 1.5 years ago. WOW! Now I have an app that has been pending review for 6 days that I will have to remove and recompile, GREAT! NOTHING COULD BE BETTER!
Mine’s validate just fine — xCode 7 downloaded just a few days ago as an update on the previous version.
Mine’s validate just fine — xCode 7 downloaded just a few days ago as an update on the previous version.