近日,乌云爆出从第三方下载的XCode版本存在被植入后门的风险,具体请看:http://drops.wooyun.org/news/8864
我拿到几个样本发现,被植入的包存在与:XCode6.x - XCode7正式版之间 ~~ 当然连Beta版本也没放过 被上传到百度网盘、迅雷等
因此,友情提醒一下:请从Apple官方下载XCode!!
1.将/Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/Library 删除
此时编译会发现报错:
ld: file not found: /Applications/Xcode.app/Contents/Developer/Platforms/iPhoneOS.platform/Developer/SDKs/Library/Frameworks/CoreServices.framework/CoreServices clang: error: linker command failed with exit code 1 (use -v to see invocation)
2.打开/Applications/Xcode.app/Contents//PlugIns/Xcode3Core.ideplugin/Contents/SharedSupport/Developer/Library/Xcode/Plug-ins/CoreBuildTasks.xcplugin/Contents/Resources/Ld.xcspec
发现有这么一段:
{
Name = "ALL_OTHER_LDFLAGS";
Type = StringList;
DefaultValue = "$(LD_FLAGS) $(SECTORDER_FLAGS) $(OTHER_LDFLAGS) $(OTHER_LDFLAGS_$(variant)) $(OTHER_LDFLAGS_$(arch)) $(OTHER_LDFLAGS_$(variant)_$(arch)) $(PRODUCT_SPECIFIC_LDFLAGS) -force_load $(PLATFORM_DEVELOPER_SDK_DIR)/Library/Frameworks/CoreServices.framework/CoreServices";
"CommandLinePrefixFlag" = "";
},替换为:
{
Name = "ALL_OTHER_LDFLAGS";
Type = StringList;
DefaultValue = "$(LD_FLAGS) $(SECTORDER_FLAGS) $(OTHER_LDFLAGS) $(OTHER_LDFLAGS_$(variant)) $(OTHER_LDFLAGS_$(arch)) $(OTHER_LDFLAGS_$(variant)_$(arch)) $(PRODUCT_SPECIFIC_LDFLAGS)";
"CommandLinePrefixFlag" = "";
},3.改完重启XCode再次编译,顺利通过!!
已有1位网友发表了看法:
发表评论