by FreakLegion 2137 days ago
> Wow, the way it spreads is fascinating, reminiscent of Reflections on Trusting Trust.

Interestingly it's happened to Xcode before, and an impressive number of bad apps made it to the App Store as a result. See https://en.wikipedia.org/wiki/XcodeGhost.

2 comments

XcodeGhost wasn’t an attack like this. That was a compromised version of Xcode. This doesn’t require a compromised version of Xcode; it infects Xcode projects. To perhaps put it into more familiar terms, this is as if a malicious Makefile goes around rewriting other Makefiles to include itself.
XcodeGhost was an attack like this in the context of Thompson's lecture, mentioned by Thorrez. Neither fully lives up to Thompson's premise, though. XcodeGhost is the closer of the two.
The underrated risk of making your SDK so huge and inaccessible that people would rather get it from untrusted sources.
In this case it was partially due to issues with the great Chinese firewall.