8/22/2023 0 Comments Apple xcode ghost![]() It’s much smaller and simpler than XcodeGhost, and this time it doesn’t infect programs that you compile, although it still does its dirty work at compile time. ![]() Well, researchers at SentinelOne have just written up another supply chain attack they’ve discovered that is directly targeting incautious Xcode developers, and they’re calling this one XcodeSpy. The implanted malware was buried in places that looked like Apple-supplied library code, with the result that Apple let many of these booby-trapped apps into the App Store, presumably because the components compiled from the vendor’s own source code were fine.Īs we said at the time, “ developers with sloppy security practices, such as using illegally-acquired software of unvetted origin for production builds, turned into iOS malware generation factories for the crooks behind XcodeGhost.”Īs you probably know, this sort of security problem is now commonly known as a supply chain attack, in which a product or service that you assumed you could trust turned out to have had malware inserted along the way. The hacked version of Xcode would add malware into iOS apps when they were compiled on an infected system, without infecting the source code of the app itself. Nevertheless, this redistributed version of Xcode seems to have been popular in China at the time – perhaps simply because it was easier to acquire the “product”, which is a multi-gigabyte download, directly from fast servers inside China. You may be wondering, as we did back in 2015, why anyone would download and use a pirated version of Xcode.app when the official version is available as a free download anyway. "Ultimately, XcodeGhost may help influence more secure behaviour and provides an incentive for Apple to make sure that regional distributions of core programming tools are at least as easy to use as their ad-hoc counterparts.It was a pirated and malware-tainted version of Apple’s XCode development app that worked in a devious way. "Given that little damage was done, this event was effectively a drill that provided a valuable object lesson in risky decision-making," Beardsley concluded. Beardsley reckons the XcodeGhost author was "not particularly malicious", based on a review of the Github code. The author has apologised for the "experiment". ![]() It's not that developers are dumb and don't know the risks they simply consider the risk extremely unlikely, and if it's slightly more convenient to ignore one or two security best practices, they will proceed accordingly.Ĭode for XcodeGhost has been published on Github. Skipping certificate checks is a lot like jaywalking most of the time, everything turns out fine. Most of the time, this risky behaviour doesn't end up causing any harm at all. The important thing to stress is that these behaviours don't usually lead to major compromises of developer security. The firm compared skipping cert checks to jaywalking. Rapid7, the firm behind the Metaspolit penetration testing tool, said that although Chinese developers' behaviour might seem to be asking for trouble in the wake of XcodeGhost, it's been going on for years without any particular problems. Searching for "Disable Gatekeeper" in the US turns up about 288,000 results on Google, and there are doubtless many thousands of results in regions where a $99 price tag for a "legitimate" developer credential is a significant cost for student and hobbyist programmers," Beardsley added.Ī version of Xcode containing malicious functionality was uploaded to Baidu’s (Chinese version of Google) cloud sharing platform before multiple developers downloaded it. Xcode is a massive download and this may have played a part in an operation which, in retrospect, looks somewhat risky. ![]() "In this case, an 'untrusted' developer has not paid the $99 Developer ID fee to Apple and thus, cannot sign their code with a valid certificate." "Usually, disabling or bypassing Gatekeeper checks is done to install software from an 'untrusted' developer," said Beardsley. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |