Jamf Blog
See how to fix the iOS malware with the help of the Casper Suite.
September 25, 2015 by Nick Thompson

How to conquer XcodeGhost

Learn how to quickly address the malware issue and discover ways for IT to ensure user devices are secure. 

Earlier this week it was revealed that developers in China were unknowingly using a hacked version of Xcode — Apple’s development platform. The hacked version of Xcode injected malicious code into a large number of iOS apps and was able to infiltrate Apple’s App Store. Infected apps can send data—such as UDID, device’s name and type, app’s bundle identifier, and more—back to malicious servers.

Apple has already addressed this malware issue and has posted a list of affected apps on their Chinese website: http://www.apple.com/cn/xcodeghost/. They recommend all users update their apps. It’s also a good idea to uninstall those apps and reset any passwords as a precautionary measure.  

How can IT ensure their users and devices are secure? 
IT admins using the Casper Suite can run a search of their users’ installed apps to see if any match the infected list. IT can then work with the end user directly to update their apps and/or remove them completely. Admins can also set up a smart search for infected apps and receive alerts if any new inventory data appears.

What about developers using Xcode?
If your organization is developing iOS apps, you can ensure your developers’ Macs are secure by directing users to the official copy of Xcode from the Mac App Store and blocking hacked versions. With the Casper Suite, IT can create a policy to block specific apps from installing and running. You can also provide a link to Xcode in Self Service—a customizable app catalogue that is included with the Casper Suite—where users can download the development application that has been approved by IT.

How can IT address future threats?
Security threats are not new and vulnerabilities are going to occasionally occur. Ensure your organization’s devices are secure and patched by using the Casper Suite to take fast action when the next vulnerability arises.

Nick Thompson
Subscribe to the Jamf Blog

Have market trends, Apple updates and Jamf news delivered directly to your inbox.

To learn more about how we collect, use, disclose, transfer, and store your information, please visit our Privacy Policy.