Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Malware Injected Into Xcode Projects Could Infiltrate Mac App Store
- Thread starter MacRumors
- Start date
- Sort by reaction score
I mean. For the sake of argument, yes. 30% of your $0 went to Apple. Just like 30% of a $2.99 App Store purchase goes to Apple. Even if 30% of $0 is $0. That is how math works, yes.
What makes you so sure of this?
How do we know ?
"Going forward, the researchers caution Mac users to be alert for unusual activity with permission alerts. Any repeated or suspicious notifications asking for permissions on macOS may be an indication of an infection."
What are the symptoms, just the permissions ?
I don't have an issue with the 30% app fees (as an ex-dev). Apple did a lot of work on my behalf and that's what I signed up for.
I don't get why people are screaming about Apple and the 30% fee in this post. If anything, Apple is saving people from getting this virus. The problem isn't IN Xcode, it's in projects that Xcode builds. Apple didn't introduce the problem and now that this is known, Apple is going to start looking for it. However, if you download software outside of the Mac App Store, it's more likely that you download an infected app because Apple is NOT looking it over. Whining about this is similar to people whining about the old Xcode Ghost bug from people downloading infected versions of Xcode from 3rd parties.
But no, let's just call this something it's not and whine about Apple. I would tell you all to just stop following MacRumors if you hate Apple so much, but they deserve to keep making money off of your Ad Revenue.
Trolls exist under every bridge, but we will still keep moving forward over it to reach the destination. Get out from under the bridge and move on.
But no, let's just call this something it's not and whine about Apple. I would tell you all to just stop following MacRumors if you hate Apple so much, but they deserve to keep making money off of your Ad Revenue.
Trolls exist under every bridge, but we will still keep moving forward over it to reach the destination. Get out from under the bridge and move on.
And people want alternative app stores....
Alternative app stores would permit you to buy or download anti-virus software that integrates with the OS.
As the situation currently stands, Apple does not permit anti-virus software to be integrated with the OS.
3rd party App Stores would improve your options for security.
Besides, looking to Android which has had alternative app stores since forever, nobody seems to have any complaints there. Why would anybody complain if that option came to iOS without a precedence for complaints?
Jobs died a long time ago… 9 years ago. So it was surprising to me that he had the opportunity to say such a thing.
Do you have a link to that quote? I'd like to read what else he had to say on the subject within that article.
As an ex-dev, you really don't have authority to speak on behalf of all current developers in this situation where Apple take 30% of their paychecks. How about you go an sign-up for the app store again, create a desirable app, charge what you desire but then add 30% to account for the Apple tax, and then see how many customers pay for your product. Then you might have a different opinion "as a developer".
Right off the bat, I am speaking for myself. With thousands and thousands of developers on IOS there are sure to be various opinion but I feel confident many of the negative opinions in some of these threads are from people who not only speak on others behalf, but are not/haven't been devs. The bolded is a strawman.
As an iOS developer, it annoys me to no end that none of the articles I read about this malware mentions
Also, this quote from the article
- Which repositories are known to contain this malware?
- How can I test if my development machine is infected?
Also, this quote from the article
doesn't make any sense. That's like beginning a sentence with "Car manufacturers who rely on factories". Essentially every developer relies on repositories.
Most of the time I think Trend Micro is looking for business against Mac OS.
You have to remember Mac OS users aren't getting all their software from the store and neither are they ever had much risk though the years.
In fact a lot of us usually tease PC owners with their thousands of types of malware that the Mac is pretty safe comparably.
So again it's not the 30% at all, it the fact that Apple continuously hardens the Mac OS against hackers trying to skirt its admin locked operation.
Last edited:
If I tell you, “Going forward, I caution you to be alert for dragons”, is that proof that dragons exist?
Hackers try lots of tricks to bypass a OS protection, but Mac OS is considerably more hardened than iOS/IpadOS.
While we acquire a lot of software from the Apple store, we have never had issues that caused a lot of problems downloading software from reputable Apple software vendors web sites that are well know. Some well known open source software has also been without issues.
Still anyone can become vulnerable to dirty tricks like this example effecting the development environment.
Yes, and next time you should keep quiet and stop conjuring dragons, because I have enough fire problems right now.
I suppose most here are ignorant to the fact that App Code gets screened, including binary files for string patterns that cannot be produced without some sort of malware modifying the binaries. Apple sources your code and will verify that Github code before it allows it onto the AppStore. They'll just enhance reviews even deeper and make upgrades take even longer now.
"Apple have some work to do, but still macOS is the most secure platform available. I am delighted by how Apple stands for privacy. However, I am sure that malware development will get almost impossible in the future." [emphasis mine]
What is the broken English in the bolded sentence supposed to mean? That it will become impossible to develop malware in the future, or impossible to deal with such malware in the future?
The "However" suggests the latter, but neither interpretation makes sense. Rather, malware creation and malware prevention/detection/mitigation are an ongoing arms race.
What is the broken English in the bolded sentence supposed to mean? That it will become impossible to develop malware in the future, or impossible to deal with such malware in the future?
The "However" suggests the latter, but neither interpretation makes sense. Rather, malware creation and malware prevention/detection/mitigation are an ongoing arms race.
Last edited:
Apple doesn't always act on every security risk reported, it depends on what OS version reported against. Does the latest beta have the same risk, the current shipping OS version, previous versions. The degree that this constitutes risk, not hypothetical scenarios. Sometimes it takes a good deal of research to determine what is the best solution. Is it even important against the build in protections that a user would be impacted? We seen the author come back and make a example public because he is concerned hacker might utilize it. Its not like Apple at all times jumps on every security issue as paramount to being absolutely necessary. A lot of these as I said have to be studied and see what a programming change would also effect such as with existing software.
Last edited:
How is this different than any other project you fetch from GitHub. If I use a C# project from GitHub I am also open to the same issues.
So much for all the people bitching on the Epic thread about how having a closed wall system is the best thing in the world!
macOS is not the most secure platform according to a lot of stuff I have read. It just happens to not be targeted as much.
macOS is not the most secure platform according to a lot of stuff I have read. It just happens to not be targeted as much.
A unethical diary plant blends margarine into butter (malicious project templates). Bakery plants (developer) buy tainted butter unawarely, and use them to make cupcakes (apps). Then the cake shop (publisher) sells these tainted cupcakes in a brand counter of an outlet (Apple).
Now the outlet is blamed, because cake shop pays slotting allowance to the outlet. This logic is amazing.
Now the outlet is blamed, because cake shop pays slotting allowance to the outlet. This logic is amazing.
And if working. With a team/company that will use the code, every developer should document the source of shared code they’ve sourced in their contribution to their work!!