You should always download Xcode directly from the Mac App Store, or from the Apple Developer website, and leave Gatekeeper enabled on all your systems to protect against tampered software.
“The more rigorous testing regime required before an iOS app can be published has always been considered to be the reason for this difference, but in this case it seems to have fallen short.”
Explaining why he removed the Peace ad-blocker from the App Store within three days of launch, Arment said in a blog post released on Friday that he had pulled the app because he had a change of heart about the manner in which the app worked.
What to watch for today: Hundreds of millions of iPhone and iPad users may be at risk after the first-ever major attack on Apple’s App Store.
The company is also set to inform users directly if they have downloaded an app affected by XcodeGhost.
Veracode principal solutions architect John Smith says the attack challenges the notion that iOS is safer than Android.
Researchers said infected apps included Tencent Holdings’ popular mobile chat app WeChat, car-hailing app Didi Kuaidi and a music app from Internet portal NetEase.
A FireEye spokesman tells Vulture South that numerous infected apps are owned by “big Chinese global brands” such as consumer electronics, telcos, and banks.
Apple is now working on fixing the largest security breach in the history of the App Store, after hackers slipped malware into genuine apps by tricking developers into downloading a compromised version of the software used to make iOS apps.
A security analyst said that users who have installed any of these infected apps shouldn’t worry too much as the iPhone-maker would be able to take care of it if an attack is really bad.
Marketing chief Phil Schiller told Chinese news site Sina.com that Apple would offer domestic downloads of its developer software within China.
Apple spokeswoman Christine Monaghan confirmed that her company was taking steps to remove the infected apps and to notify its developers.
According to reports, Apple sent a letter out to its registered developers urging them to validate their version of Xcode and ensure they only download new versions from Apple.
Dubbed XcodeGhost, the malware was advertised by hackers on a Chinese server called Baidu Pan, with the promise of faster downloads of the Xcode software.