Threat Category: Supply Chain
Threat Description: An adversary with access to software processes and tools within the development or software support environment can insert malicious software into components during development or update/maintenance. [1]
XcodeGhost distributed a malicious version of Xcode (Apple’s developer tools) that automatically includes malicious code in compiled iOS apps.
App developers should ensure that development tools are obtained from a trusted source (e.g. directly from the vendor).
Enterprise
Only software digitally signed by a trusted developer should be used, and the integrity of software development installation packages should be verified prior to installation.
Obtained software should be installed onto target operating systems in a known-good state (fresh install from verified installation media) in a test environment, which is then evaluated for any indicators of compromise prior to authorization of production use.
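
One way to apply the trusted-source and signature checks above to Xcode on a macOS build host, as an added example that is not part of the catalogue entry. It gates on the output of Gatekeeper's `spctl --assess --verbose`; the function names are hypothetical, and the accepted `source=` values are an assumption based on Apple's guidance for validating Xcode.

```shell
#!/bin/sh
# Added example: refuse to build unless Gatekeeper reports that the Xcode
# bundle is accepted AND signed by Apple itself (not merely by some valid
# third-party developer certificate).

# xcode_assessment_trusted TEXT
#   TEXT is the captured output of `spctl --assess --verbose <app>`.
#   Returns 0 only for an accepted bundle whose source is on the allowlist.
xcode_assessment_trusted() {
    out=$1
    # Verdict: "<path>: accepted"; tampered or unsigned bundles are "rejected".
    printf '%s\n' "$out" | grep -Eq ': accepted( |$)' || return 1
    # Signer origin is reported as "source=<name>".
    src=$(printf '%s\n' "$out" | sed -n 's/.*source=\(.*\)$/\1/p' | head -n 1)
    case "$src" in
        # Assumed allowlist: App Store or Apple developer-site downloads.
        "Mac App Store"|"Apple"|"Apple System") return 0 ;;
        # Anything else (e.g. a Developer ID signature) is not Apple's Xcode.
        *) return 1 ;;
    esac
}

# check_xcode [APP_PATH]
#   Runs the assessment on a macOS host and reports the result.
check_xcode() {
    app=${1:-/Applications/Xcode.app}
    # spctl writes its assessment to stderr and exits non-zero on rejection,
    # so capture both streams and judge the text rather than the exit code.
    out=$(spctl --assess --verbose "$app" 2>&1) || true
    if xcode_assessment_trusted "$out"; then
        echo "OK: $app ($out)"
    else
        echo "UNTRUSTED: $app ($out)" >&2
        return 1
    fi
}
```

Call `check_xcode` as the first step of a build job so that a repackaged toolchain stops the pipeline before any app is compiled.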
[1] Internet Security Threat Report vol. 21, Symantec, 2016; https://docs.broadcom.com/doc/istr-16-april-volume-21-en [accessed 8/1/2022]