
In 2015, a malicious copy of Xcode, XcodeGhost, also performed a similar attack and infected iOS apps from a dozen of software companies in China. Globally, 4000 apps were found to be affected. It was not a true Thompson Trojan, as it doesn't infect development tools themselves, but it did show toolchain poisoning can indeed cause substantial damages.

https://en.wikipedia.org/wiki/XcodeGhost



Ah, but was a version of Xcode compiled with this version, and did that child version of Xcode also have the trojan code?


Very unlikely, and I don't know any Xcode that runs on iOS on mobile devices, so I said it was not a true Thompson Trojan.


Was it "a dozen software companies", or "dozens of software companies"? The current wording says neither.



