also by Lloyd: diglloyd.com photography and WindInMyFace.com

Apple XcodeGhost Compromises Some Apps in the Apple App Store


The recent Apple XcodeGhost fiasco speaks to a lapse in the security chain, which is the key point: all security mechanisms are only as strong as the weakest link in the chain. To wit, if the front door is barred and locked, an intruder crawls in through the unlocked window. This failure is in part an Apple process failure, though MPG has no particular answer as to how Apple can fix this sort of problem.

This quote from Validating Your Version of Xcode (for developers with Xcode) hits the nail on the head, and not just for developers: it is a huge risk to download any software from anywhere other than the entity that develops/sells it.

We recently removed apps from the App Store that were built with a counterfeit version of Xcode which had the potential to cause harm to customers. You should always download Xcode directly from the Mac App Store, or from the Apple Developer website, and leave Gatekeeper enabled on all your systems to protect against tampered software.

...

To verify the identity of your copy of Xcode run the following command in Terminal on a system with Gatekeeper enabled:
spctl --assess --verbose /Applications/Xcode.app
... Any result other than ‘accepted’ or any source other than ‘Mac App Store’, ‘Apple System’ or ‘Apple’ indicates that the application signature is not valid for Xcode. You should download a clean copy of Xcode and recompile your apps before submitting them for review.
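
The acceptance rule in the quote above can be scripted so that a build machine fails closed. This is an added example, not Apple's or this site's code: the function names and the sample outputs are constructed for illustration, and it assumes the verdict appears on the first output line and the source on a `source=` line.

```shell
#!/bin/sh
# Added example: apply the quoted rule to `spctl --assess --verbose` output.
# Pass only if the verdict is "accepted" AND the source is one of the three
# values named in the quote. Anything else, including missing lines, fails.

# Constructed sample outputs (not captured from a real system).
SAMPLE_OK='/Applications/Xcode.app: accepted
source=Mac App Store'
SAMPLE_REJECTED='/Applications/Xcode.app: rejected'
SAMPLE_OTHER_SOURCE='/Applications/Xcode.app: accepted
source=Developer ID'

# check_spctl_output TEXT -> exit status 0 if TEXT satisfies the rule, else 1.
check_spctl_output() {
    out=$1
    # Assumption: the first line is "<path>: <verdict>".
    first_line=$(printf '%s\n' "$out" | head -n 1)
    case $first_line in
        *": accepted") ;;
        *) echo "FAIL: verdict is not 'accepted': $first_line" >&2; return 1 ;;
    esac
    # Assumption: the source is reported as "source=<value>".
    src=$(printf '%s\n' "$out" | sed -n 's/^source=//p' | head -n 1)
    case $src in
        "Mac App Store"|"Apple System"|"Apple")
            echo "OK: accepted, source=$src"; return 0 ;;
        "") echo "FAIL: no source reported" >&2; return 1 ;;
        *)  echo "FAIL: unexpected source: $src" >&2; return 1 ;;
    esac
}

# verify_xcode [PATH] -> run the command from the quote and evaluate its output.
verify_xcode() {
    app=${1:-/Applications/Xcode.app}
    # Capture both streams so the verdict is seen wherever spctl writes it;
    # "|| true" keeps a rejection from aborting before we parse it.
    out=$(spctl --assess --verbose "$app" 2>&1) || true
    check_spctl_output "$out"
}

# Only runs the real check where spctl exists (macOS).
if command -v spctl >/dev/null 2>&1; then
    verify_xcode "${1:-/Applications/Xcode.app}"
fi
```

A non-zero exit status from `verify_xcode` can be used to stop a build script before compiling with an unverified copy of Xcode.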


Copyright © 2019 diglloyd Inc, all rights reserved.