On Tuesday, we reported that Apple had sent a notice to its registered developers about a Malware version of its XCode development suite.
Now the company has taken a step further by issuing another notice on how to make sure that they are running a “real version” of its XCode suite:
“To verify the identity of your copy of Xcode run the following command in Terminal on a system with Gatekeeper enabled:Â
spctl –assess –verbose /Applications/Xcode.appÂ
where /Applications/ is the directory where Xcode is installed. This tool performs the same checks that Gatekeeper uses to validate the code signatures of applications. The tool can take up to several minutes to complete the assessment for Xcode.Â
The tool should return the following result for a version of Xcode downloaded from the Mac App Store:Â
/Applications/Xcode.app: acceptedÂ
source=Mac App StoreÂ
and for a version downloaded from the Apple Developer web site, the result should read eitherÂ
/Applications/Xcode.app: acceptedÂ
source=AppleÂ
orÂ
/Applications/Xcode.app: acceptedÂ
source=Apple SystemÂ
Any result other than ‘accepted’ or any source other than ‘Mac App Store’, ‘Apple System’ or ‘Apple’ indicates that the application signature is not valid for Xcode. You should download a clean copy of Xcode and recompile your apps before submitting them for review.”
Apple has suggested that any developer who is not sure if he/she is running a genuine version to delete the unsure copy and then come to its main developer’s web site at http://developer.apple.com to get the link for the correct version in the Mac App Store.