Archive for September 22, 2015

Tuesday, September 22, 2015

The Lost Apple Logos You’ve Never Seen

TheBrainFever (via John Gruber):

The way to tell it from other rainbow Apple logos is that the green top is a little thinner than it should be, and the “chin” (if you imagine the apple bite as a mouth) is a little fat.


From what I can tell, this was the first “public” version of the logo, used on initial print materials. The next version of the logo, the classic rainbow logo, was used for the computer badges, but remained in some print production materials.


I always called that typeface the “stormtrooper” font when I was a kid. I was bit deflated later on when I learned it’s real name was Motter Tektura.

Twitter and Universal Links

Federico Viticci:

Available for devices running iOS 9, Universal Links are regular HTTP links that, when tapped, will open the relevant view in a native app instead, with an option to view in Safari. Universal Links are safe, shared across platforms, and they can only be enabled by apps that have associated websites.


As I noted in my iOS 9 review, third-party Twitter clients won’t be able to take advantage of this integration as only associated app domains (in this case, can verify their iOS app. Even if you don’t use Twitter’s app for iOS, I would recommend keeping it installed if only for the better experience of automatically opening Twitter links from Messages, Mail, and other apps in the native client instead of the website.

Paul Haddad:

Disappointed with Apple’s implementation of Universal Links. IMO should be fully client based and let users choose which apps to open.

Update (2015-09-22): Apple engineer Jonathan Grynspan suggests that Twitter could support third-party clients via the apple-app-site-association file. Based on my understanding of how universal links work, this would not be a good solution (and I doubt Twitter would do this, anyway). But I may be missing something. He refers questions about this to Jonathan Davis.

Jonathan Davis:

Twitter is the authoritative owner of their links. If they want to allow third-party apps, it’s up to them.

Jonathan Grynspan:

App ordering in the JSON file is respected when using arrays, so (if a site wants) they could prioritize third-party clients.


Apple (comments):

We recently removed apps from the App Store that were built with a counterfeit version of Xcode which had the potential to cause harm to customers. You should always download Xcode directly from the Mac App Store, or from the Apple Developer website, and leave Gatekeeper enabled on all your systems to protect against tampered software.

John Gruber:

They didn’t attack the App Store itself, instead, they created a hacked version of Xcode that seems to work as expected but inserts the malware payload into the apps it compiles. Why in the world would developers download Xcode from a source other than Apple? Because China’s internet speeds are so slow (and Xcode is a multi-gigabyte download).

Joe Rossignol:

Palo Alto Networks has shared a full list of over 50 infected iOS apps, including WeChat, NetEase Cloud Music, WinZip, Didi Chuxing, Railway 12306, China Unicom Mobile Office and Tonghuashun.


iOS apps infected with XcodeGhost malware can and do collect information about devices and then encrypt and upload that data to command and control (C2) servers run by attackers through the HTTP protocol.

Joseph Cox:

Apple has now removed over 300 pieces of software from the App Store, after malware that targeted developers managed to create infected iOS apps. On top of that, it looks like the apps are more dangerous to Apple customers than previously thought.


But according to findings from one researcher, and then built upon by Xiao, the infected apps are also capable of receiving commands from the attacker. These commands can apparently allow a hacker to read and write data to the victim’s clipboard, open specific URLs, or prompt a fake alert on the victim’s screen. Some of these could be used to steal passwords, Xiao claims.

So much for the idea that App Review protects us from malware.

Previously: The CIA’s Xcode.

Update (2015-09-22): Dan Goodin:

This isn’t the first time a malicious app has made its way into the App Store, since there are a handful of other times bad titles have been found. Still, the number of infections and of the iOS users potentially affected appeared to be highly unusual, if not unprecedented. What’s more, Chinese firm Qihoo360 Technology, reportedly has said the number of affected apps is much bigger than originally reported, with a total of 344.

The list of infected apps includes some of the most popular apps in China, including the ride-hailing app Didi Kuaidi. WeChat, which has some 500 million users, was also affected, although the infection was limited only to version 6.2.5. People using version 6.2.6 and later aren’t affected, the chat developer said in a blog post.

Rosyna Keller says that XcodeGhost does not prompt for passwords.

Claud Xiao:

In the current version of the code, XcodeGhost cannot be directly used to phish iCloud passwords. However, by changing a few simple lines of code, it can do that.


We’re not aware of personally identifiable customer data being impacted and the code also did not have the ability to request customer credentials to gain iCloud and other service passwords.

Update (2015-10-04): Rainer Brockerhoff:

Needless to say, the new version of RB App Checker Lite also detects the added frameworks and warns: “3 frameworks are suspect: they use system names but are NOT signed by Apple!”.


Therefore, unless you check the entire app contents with GateKeeper, RB App Checker Lite (or even the codesign command-line utility), it will be humanly impossible to pick out visually — by inspection in the Finder — if anything has been changed inside Xcode. So keep GateKeeper turned on! One suggestion Apple should implement is running GateKeeper tests for Apple-signed software even if GateKeeper has been deliberately disabled.

Update (2021-05-07): Lorenzo Franceschi-Bicchierai (tweet):

As part of the trial against Epic Games, Apple released emails that show that 128 million users, of which 18 million were in the U.S., downloaded apps containing malware known as XCodeGhost from the App Store.

Update (2021-05-10): Dan Goodin:

In September 2015, Apple managers had a dilemma on their hands: should, or should they not, notify 128 million iPhone users of what remains the worst mass iOS compromise on record? Ultimately, all evidence shows, they chose to keep quiet.