A new backdoor threat has been discovered that aims to compromise Apple developers’ Macs with a trojanized Xcode project. This malware can record victims’ microphone, camera, keyboard, and also upload/download files. The first in the wild example of the threat was found within a US organization.
Expand Expanding Close
If you are a developer, you probably have to compile new builds of an app several times a week, or even in one day. Lickability, the company behind Accelerator and Pinpoint apps, is today launching a new app called “Buildwatch for Xcode,” which is a developer tool designed to manage how much time you spend compiling apps and also helps you optimize it.
Expand Expanding Close
Apple has just released Xcode 11.3.1 for developers — the tool used to create iOS, macOS, watchOS, and tvOS apps. This week’s update features overall improvements and bug fixes, including enhancements to compile Swift files.
With the release of iOS 11.3 beta 1 and macOS 10.13.4 beta 1, Apple has also issued the first beta of Xcode 9.3 for developers. This version promises to fix lots of bugs and improve compilation times for Swift projects.
Following today’s keynote, Apple has released the first betas for Xcode 9 and Swift Playgrounds 2. Today also marks the release of Swift Playgrounds 1.5 which will allow young developers to take control of robots, drones, and musical instruments.
Developer Andrew Wilk tweeted screengrabs of what appears to be an early version of Dark Mode in the first iOS 10 beta, running in Xcode.
Mac Aficionados responded with their own screengrabs, saying that they’d found it in iBooks, Safari, Alarm and iTunes, though it’s unclear whether the iBooks example differs from the existing app-specific dark mode introduced in iOS 9 …
Apple today has pushed the golden master build of Xcode 7.3.1 to developers. The update carries the build number 7D1012 and focuses primarily on bug fixes ahead of its upcoming release to the general public.
Starting with Xcode 7, Apple made it possible to sideload apps on the iPhone, iPad, and Apple TV using a free Apple ID. Although a paid developer account is still required to deploy apps to the App Store, users wishing to sideload open source apps on a personal device can do so with relative ease. In this post, we’ll show you how easy it is to create a free Apple developer account for sideloading apps using Xcode. Expand
Expanding
Close
Apple has released Xcode 7.3 for developers, following a lengthy beta period, with several new features, enhancements and bug fixes. First and foremost, Xcode 7.3 includes the latest SDKs for iOS 9.3, watchOS 2.2, OS X 10.11.4. It also bundles the latest release of Swift version 2.2.
Xcode 7.3 include several new features, including more intelligent code completion so developers can more quickly write their programs. It also lets developers more easily handle developing for Apple Watch, with quick switching between paired Watches. The debugger now automatically evaluates framework code, a big pain point for developers to date. The static analyzer has been upgraded to detect more potential issues related to pointer nullability.
In his security and privacy post regarding iOS’s current music library, Ben Dodson adds a small addendum explaining that with iOS 9.3 apps can now add music that currently exists in the Apple Music catalog directly to a user’s music library. While a small and under-discussed feature, it opens up further possibilities for many different kinds of apps and application developers.
Expand
Expanding
Close
On Wednesday, Google released their aptly named UI testing framework, EarlGrey. Having been using the framework in a few of their current iOS apps already for functional testing, it’s good to hear that the product has been validated before an initial public release.
Apple this evening has pushed a small update to its developer software Xcode. The update bumps the app to version 7.2.1, following the initial release of version 7.2 late last year. Xcode 7.2.1 carries the build number 7C1002 and includes a handful of under-the-hood fixes and improvements.
Just a week after the last version, Apple has released iOS 9.2 beta 4 to testers for iPhone, iPad, and iPod touch. The first iOS 9.2 beta appeared alongside Xcode 7.2 beta in late October. We’ll dive into the latest beta and update with any changes we discover. Expand
Expanding
Close
Yesterday we shared that the popular automatic screen brightness adjusting app Flux had found a way to make it from the Mac to iPhones and iPads on iOS 9. This afternoon the developers behind Flux announced that the app will no longer be available on iOS at the request of Apple. In a blog post sharing the development, the developers behind the app said that Apple contacted them to say that the app violated Apple’s Developer Program Agreement. While the app was unofficially supported on iOS 9 as a sideloaded app and not an official App Store app, Flux did use Xcode signing to work properly on iPhones and iPads. Expand
Expanding
Close
Three weeks after the release of Xcode 7.1 to developers, Apple today has released Xcode 7.1.1 to the Mac App Store. The update brings about a handful of under-the-hood fixes relating to the new features added with the more significant 7.1 update last month.
Apple says that Xcode 7.1.1 improves the overall stability of the app, making for an improved developer experience. Apple also says the update fixes “critical issues” in the Interface Builder, debugging, and UI testing.
Last month, Xcode 7.1 added support for the new Apple TV’s tvOS, as well as storyboard support for 3D Touch gestures, a new workflow to add a devices for development and testing, and a handful of other minor changes.
Xcode 7.1.1 is available now from the Mac App Store.
Security firm FireEye said in a blog post that XcodeGhost – a fake version of Xcode that injected malware into genuine apps – remains a threat. FireEye has identified a more advanced version of the compromised app development tool, XcodeGhost S, which has been designed to infect iOS 9 apps and allow compromised apps to escape detection by Apple.
XcodeGhost is planted in different versions of Xcode, including Xcode 7 (released for iOS 9 development). In the latest version, which we call XcodeGhost S, features have been added to infect iOS 9 and bypass static detection.
We have worked with Apple to have all XcodeGhost and XcodeGhost samples we have detected removed from the App Store.
The company said that by monitoring its customers’ networks, it identified 210 enterprises with infected apps running inside their networks – a third of them in the USA – generating 28,000 attempts to connect to the XcodeGhost Command and Control (CnC) servers … Expand
Expanding
Close
At some point in the future, creating pixel-sharp screenshots, UI videos, and game recordings from your Apple TV may be as easy as hitting a button or two on the Siri Remote, but right now, the only obvious technique is a workaround. Thankfully, the workaround doesn’t require the use of Apple’s Xcode or another developer tool — all you’ll need is OS X’s built-in app QuickTime Player and a USB-C cable of your choice…
Following an announcement last week from Apple that it was delaying support for iOS 9’s App Thinning feature due to a bug with iCloud backups, Apple today released Xcode version 7.0.1 to developers to fix related bugs. Expand
Expanding
Close
Apple has named the top 25 apps infected by the XcodeGhost malware, stating that “the number of impacted users drops significantly” for other compromised apps. Most security researchers now agree that the total number of infected apps is in or around four figures, with many of them still present in China’s App Store … Expand
Expanding
Close
Apple is to make Xcode available for local download from servers based in China as part of its response to the XcodeGhost malware issue. The announcement was made on the Chinese social media site Sina by Phil Schiller, Apple’s senior VP of worldwide marketing (via CNET). It’s believed that many Chinese developers inadvertently downloaded the fake version because the official download was taking too long.
“In the US it only needs 25 minutes to download,” Schiller told Sina, admitting that in China getting Xcode “may take three times as long.” He told the Chinese publication that, to quell this problem, Apple would be providing an official source for developers in the People’s Republic to download Xcode domestically.
Analysis of infected apps by security researchers appears to be revealing a mix of good and bad news … Expand
Expanding
Close
App analytics company SourceDNA – whose clients include Google, Amazon and Dropbox – claims that the compromised versions of many apps remain live in the Chinese App Store. This includes CamCard, which is a very popular app ranked #94.
The apps were infected with malware by a fake version of Xcode dubbed XcodeGhost which legitimate developers were fooled into downloading, believing it to be a copy of the genuine Apple app. A partial list of infected apps has been posted by security company Palo Alto Networks … Expand
Expanding
Close
Update 1: The list of apps has now been updated with apps identified by Dutch security company Fox-IT. The company is reporting seeing malware traffic from the apps in Europe.
Update 2: Rovio has advised that only the version of Angry Birds 2 in the Chinese App Store was affected.
I wish to clarify that Rovio can confirm that only the Chinese build of Angry Birds 2 — available only on the App Store in Mainland China, Taiwan, Hong Kong and Macau — is vulnerable to the security issue. All other builds of Angry Birds 2 available in other countries are completely safe and secure. An update of Angry Birds 2 for customers in Mainland China, Taiwan, Hong Kong and Macau that fixes the issue is coming very shortly.
After yesterday’s revelation that hundreds of iOS apps on the App Store had been infected by malware, security company Palo Alto Networks has posted a list of some of the affected apps – which include Angry Birds 2.
The apps were infected by a fake copy of Xcode dubbed XcodeGhost, unwittingly downloaded by Chinese developers in place of the real thing. It’s believed they downloaded the fake from local servers because it took too long to download the original from Apple’s own servers. It’s not yet known why Apple’s own checks did not detect the malware when apps were submitted to the App Store.
It’s been suggested that over 300 apps are infected, with 31 of them so far identified (list below) … Expand
Expanding
Close
Apple has admitted that it is App Store integrity was compromised as apps were secretly infected by fake Xcode tools before submission to the App Store. The company has now officially acknowledged the problem and is now removing apps affected by this ‘hack’ from the App Store.
Developers were inadvertently submitting malware by using counterfeit versions of Xcode, Apple’s development software, to submit apps. The fake Xcode, dubbed XcodeGhost, would inject malicious code into otherwise-legitimate apps during the submission process.
Hamza Sood has cleverly used asset catalogs with the Xcode 7 GM to confirm the rumors around the iPhone 6s and iPad Pro RAM specifications. It confirms that the iPhone 6s has 2 GB of RAM, up from 1 GB in the iPhone 6, and the iPad Pro has 4 GB RAM, a 100% increase from the 2 GB in the iPad Air 2’s A8X chip.
Not much of a surprise but Xcode confirms 2GB of RAM for the 6s (and 6s plus), and 4GB for the iPad Pro pic.twitter.com/X8Ym4DtamS
— Hamza Sood (@hamzasood) September 13, 2015