Tag
xcodeghost
Safeguard articles tagged "xcodeghost" — guides, analysis, and best practices for software supply chain and application security.
3 articles
Incident Analysis
XcodeGhost iOS supply chain malware campaign
XcodeGhost hid inside Xcode itself, silently infecting 4,000+ App Store apps like WeChat. Here is how the iOS supply chain malware campaign worked.
Nov 6, 20258 min read
Supply Chain Security
XcodeGhost Revisited: How a Trojanized IDE Infected Thousands of iOS Apps
XcodeGhost compromised Apple's developer toolchain by distributing a modified Xcode IDE. Years later, the attack remains a textbook example of build-tool supply chain compromise.
Nov 15, 20216 min read
Incident Analysis
XcodeGhost: When the Compiler Was the Attacker
XcodeGhost in 2015 infected at least 128 million iOS users through a malicious Xcode download. It is still the cleanest compiler-trust case.
Feb 18, 20197 min read