After the iOS App Store was inundated with hundreds of apps infected with the XcodeGhost compiler malware, Apple has decided that every developer should know how to check whether the version of Xcode installed on their Mac comes directly from Apple's assembly line.
Xcode is an integrated development environment developed by Apple and designed to make it easier for developers to create apps for OS X, iOS, watchOS, and tvOS.
In the past week, security researchers have discovered that multiple Chinese developers had downloaded a modified Xcode build designed to add a piece of compiler malware named XcodeGhost to every app built with the malicious Xcode copy.
Even though Apple at first chose not to acknowledge the problem, on Sunday it started removing all the infected apps from the iOS App Store, and today it published a tutorial on its developer news website detailing how an Xcode installation can be checked to see if it is code-signed by Apple.
To do that, the developer has to run the following command in a Terminal window on systems with the Gatekeeper security feature enabled:
According to Apple, the spctl command-line tool uses the same technique Gatekeeper uses for validating an application's code signature.
Developers should give the tool time to finish, since spctl can take up to several minutes to complete the Xcode check.
spctl will display an "accepted" validation message for any clean Xcode build.
According to Apple, the spctl tool should return the following result for an Xcode version downloaded from the App Store:
source=Mac App Store
source=Apple
source=Apple System
Next, they should download a clean Xcode build from Apple's Developer website or the Mac App Store, and recompile all their apps before re-submitting them for review.
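The check described above can be scripted for build machines. The following is an added example, not code from Apple or from the original article. It assumes the `spctl --assess --verbose` invocation (the command itself is missing from this copy of the article), and the function names are hypothetical.

```shell
#!/bin/sh
# Added example (not from Apple or the article): decide whether an spctl
# assessment of Xcode is trustworthy, using the sources the article lists.

# check_spctl_output APP_PATH OUTPUT
# Prints "trusted: <source>" and returns 0 only when the first line is
# "<APP_PATH>: accepted" and the source= line names one of those sources.
check_spctl_output() {
    app=$1
    out=$2
    first=$(printf '%s\n' "$out" | sed -n '1p')
    src=$(printf '%s\n' "$out" | sed -n 's/^source=//p' | sed -n '1p')
    if [ "$first" != "$app: accepted" ]; then
        echo "untrusted: assessment was not 'accepted'"
        return 1
    fi
    case $src in
        "Mac App Store" | "Apple" | "Apple System")
            echo "trusted: $src"
            return 0 ;;
        *)
            # Accepted by Gatekeeper, but the source is not one Apple names.
            echo "untrusted: unexpected source '$src'"
            return 1 ;;
    esac
}

# verify_xcode APP_PATH: run the real assessment (macOS only).
# 2>&1 captures the verdict whichever stream spctl writes it to.
verify_xcode() {
    result=$(spctl --assess --verbose "$1" 2>&1)
    check_spctl_output "$1" "$result"
}

# Run only when a path is given and spctl is present,
# e.g. sh check_xcode.sh /Applications/Xcode.app
if [ $# -gt 0 ] && command -v spctl >/dev/null 2>&1; then
    verify_xcode "$1"
fi
```

The script exits non-zero for anything other than an accepted assessment from a listed source, so it can gate a build step.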