Have you heard about Xcode Ghost, a patched version of Xcode many developers downloaded and used which added code to the final built output? It reminds me of Ken Thompson's famous speech describing a C compiler that detects when it's compiling itself, and inserts code into the output.
Have you heard about Xcode Ghost, a patched version of Xcode many developers downloaded and used which added code to the final built output? It reminds me of Ken Thompson's famous speech describing a C compiler that detects when it's compiling itself, and inserts code into the output.
It makes me wonder about all those people who supposedly use cracked versions of Delphi, and if those cracks have ever been examined for anything clever.
http://arstechnica.com/security/2015/09/apple-scrambles-after-40-malicious-xcodeghost-apps-haunt-app-store/
https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf (PDF link.)
It makes me wonder about all those people who supposedly use cracked versions of Delphi, and if those cracks have ever been examined for anything clever.
http://arstechnica.com/security/2015/09/apple-scrambles-after-40-malicious-xcodeghost-apps-haunt-app-store/
https://www.ece.cmu.edu/~ganger/712.fall02/papers/p761-thompson.pdf (PDF link.)
Jeroen Wiert Pluimers I remember that one. At work I got caught with that and was wondering what was going on when I brought an executable home, it would be deleted.
ReplyDeleteTurned out that work's computer got infected and the A/V wasn't updating itself. Thankfully, it was the time were the files were not password protected in 7zip, so all I had to do was to compare and replace from the CD :-)
Nicholas Ring oh yes, the 7zip passwords (:
ReplyDeleteJeroen Wiert Pluimers I can understand why they need to do it but it still annoying. :-)
ReplyDelete