See how to fix the iOS malware with the help of the Casper Suite.

How to conquer XcodeGhost

Posted in: Jamf Pro, Casper Suite

Earlier this week it was revealed that developers in China were unknowingly using a hacked version of Xcode — Apple’s development platform. The hacked version of Xcode injected malicious code into a large number of iOS apps and was able to infiltrate Apple’s App Store. Infected apps can send data—such as UDID, device’s name and type, app’s bundle identifier, and more—back to malicious servers.

Apple has already addressed this malware issue and has posted a list of affected apps on their Chinese website. They recommend that all users update their apps. It’s also a good idea to uninstall those apps and reset any passwords as a precautionary measure.

How can IT ensure their users and devices are secure? 
IT admins using the Casper Suite can run a search of their users’ installed apps to see if any match the infected list. IT can then work with the end user directly to update their apps and/or remove them completely. Admins can also set up a smart search for infected apps and receive alerts if any new inventory data appears.

What about developers using Xcode?
If your organization is developing iOS apps, you can ensure your developers’ Macs are secure by directing users to the official copy of Xcode from the Mac App Store and blocking hacked versions. With the Casper Suite, IT can create a policy to block specific apps from installing and running. You can also provide a link to Xcode in Self Service—a customizable app catalogue that is included with the Casper Suite—where users can download the development application that has been approved by IT.
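One way to check that the Xcode copies on a developer's Mac are official, as an added example (not code from the original post or from Jamf): it follows Apple's published validation guidance, which treats an Xcode as genuine only when `spctl --assess --verbose` reports `accepted` with a source of `Mac App Store`, `Apple` or `Apple System`. The function names are hypothetical and the sample verdict in the fallback branch is constructed.

```shell
#!/bin/sh
# Added example: flag any Xcode copy on this Mac that Gatekeeper does not
# attribute to Apple. Function names are hypothetical.

# classify_spctl APP_PATH SPCTL_OUTPUT -> prints "trusted" or "untrusted".
# Trusted only if the verdict is "accepted" AND the source is one of the
# three values Apple listed for a genuine Xcode.
classify_spctl() {
    rest=${2#"$1: "}    # drop the "<path>: " prefix so the path cannot spoof a verdict
    case "$rest" in
        accepted*) ;;
        *) echo untrusted; return 0 ;;
    esac
    # "source=" may follow on the same line or on the next one.
    src=$(printf '%s\n' "$rest" | sed -n 's/^.*source=\(.*\)$/\1/p' | head -n 1)
    case "$src" in
        "Mac App Store"|"Apple"|"Apple System") echo trusted ;;
        *) echo untrusted ;;
    esac
}

# Find every app bundle claiming Xcode's bundle identifier (this also catches
# renamed or relocated copies) and print "<verdict><TAB><path>" for each.
scan_xcode_copies() {
    mdfind "kMDItemCFBundleIdentifier == 'com.apple.dt.Xcode'" |
    while IFS= read -r app; do
        out=$(spctl --assess --verbose "$app" 2>&1)   # spctl reports on stderr
        printf '%s\t%s\n' "$(classify_spctl "$app" "$out")" "$app"
    done
}

if command -v spctl >/dev/null 2>&1 && command -v mdfind >/dev/null 2>&1; then
    scan_xcode_copies
else
    # Not a Mac: classify one constructed sample verdict instead.
    classify_spctl /Applications/Xcode.app "/Applications/Xcode.app: accepted
source=Mac App Store"
fi
```

Any line reported as `untrusted` points to a copy that should be removed and replaced from the Mac App Store.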

How can IT address future threats?
Security threats are not new, and vulnerabilities will occasionally occur. Keep your organization’s devices secure and patched by using the Casper Suite to take fast action when the next vulnerability arises.