Apple added an XcodeGhost Q&A to its Chinese website today, explaining what XcodeGhost is, what it means for consumers, how it affects them and the steps the company is taking to keep the security of the App Store and users intact.
According to Apple, no evidence has been found that the counterfeit Xcode software has been used for malicious purposes, like the transmission of any personally identifiable data. The company says that the code isn’t able to request customer credentials to gain iCloud or other service passwords.
As for the identified apps, Apple says it is working with developers and will shortly list the top 25 most popular apps impacted on its Chinese website. Since the issue was uncovered, my affected apps have been updated and are no longer infected by XcodeGhost.
Below you can read some of the relevant portions of the FAQ:
Why would a developer put customers at risk by downloading counterfeit software?
Sometimes developers search for our tools on other, non-Apple sites in an effort to find faster downloads of developer tools.
Is it safe for me to download apps from App Store?
We have removed the apps from the App Store that we know have been created with this counterfeit software and are blocking submissions of new apps that contain this malware from entering the App Store.
We’re working closely with developers to get impacted apps back on the App Store as quickly as possible for customers to enjoy.
A list of the top 25 most popular apps impacted will be listed soon so users can easily verify if they have downloaded the latest versions of these apps. After the top 25 impacted apps, the number of impacted users drops significantly.
Customers will be receiving more information letting them know if they’ve downloaded an app/apps that could have been compromised. Once a developer updates their app, that will fix the issue on the user’s device once they apply that update.
Apple also informed developers about the issue, and urged them to validate Xcode using a specific code in Terminal on OS X.