Serious failure allows malware to enter the App Store; Apple recognizes and cleans [atualizado 4x]

Apple has faced a nasty headache in recent days with the App Store and is already taking steps to remedy it.

Palo Alto Networks found (1, 2) that “hundreds” of apps published in the Apple store were infected with malware now identified as XcodeGhost.

To go through Apple's rigorous approval process, these apps including the famous WeChat communicator were compiled on machines already compromised by versions of Xcode distributed by the file sharing service of the Chinese portal Baidu. Many developers choose it because Apple's servers are sometimes slow when accessed from China.

Infected apps could be exploited in a variety of ways, but the most common as ever to capture and send users' personal data to crackers.

Reuters, an Apple spokeswoman said that compromised apps have already been removed from the store and that the company is directing developers to use official versions of Xcode to recompile their work.

On a related note, a few days ago we also covered a vulnerability found in AirDrop running on iOS versions earlier than 9.0.

(via The Verge)

Updated by Eduardo Marques · 09/22/2015 s 12:28

On its developer news page, Apple said everyone should download Xcode from the Mac App Store or through the Apple Developer, in addition to downloading apps only from the store or from trusted sources (something it implemented on OS X Mountain Lion). If Xcode happens to be downloaded from pendrives or any other source, however, there is an easy way to check the integrity of the downloaded version.

To do so, just type the command below in the Terminal (located in / Applications / Utilities /) with the Gatekeeper feature enabled:

spctl --assess --verbose /Applications/Xcode.app

This performs the same checks that Gatekeeper uses to validate application code signatures. The tool may take several minutes to complete the evaluation and, in the end, it should show the following in response:

/Applications/Xcode.app: accepted source=Mac App Store

or

/Applications/Xcode.app: accepted source=Apple

or

/Applications/Xcode.app: accepted source=Apple System

The first reports that Xcode was downloaded from the Mac App Store; the other two report that everything was downloaded by Apple Developer. Any result that does not show accepted or any source other than Mac App Store, Apple, or Apple System indicates that the application's subscription is not valid.

Update II · 09/23/2015 s 08:59

To Sina (Google Translate), Phil Schiller senior vice president of global marketing said that Apple will prepare an official repository for Chinese people to download Xcode locally in the country.

The good news is that apparently no infected apps have ever exploited the flaw or sending user data. On the other hand, it may be that their number is much higher than initially expected and that some are still available on the Chinese App Store.

(via 9to5Mac)

Update III · 09/24/2015 s 09:48

Apple posted on its Chinese website a FAQ about XcodeGhost listing the 25 most popular apps affected by it. Only the store in China was affected.

Update IV · 09/24/2015 s 15:09

According to the Mac Security Blog, Apple updated the system XProtect OS X to protect the operating system from both OSX.XcodeGhost.A and other malware identified as OSX.Genieo.D. With that, OS X is now able to detect and block infected copies of Xcode.