Trending December 2023 # Apple Educates Developers On Validating Xcode Downloads Following Xcodeghost Malware Attack # Suggested January 2024 # Top 21 Popular

You are reading the article Apple Educates Developers On Validating Xcode Downloads Following Xcodeghost Malware Attack updated in December 2023 on the website Cancandonuts.com. We hope that the information we have shared is helpful to you. If you find the content interesting and meaningful, please share it with your friends and continue to follow and support us for the latest updates. Suggested January 2024 Apple Educates Developers On Validating Xcode Downloads Following Xcodeghost Malware Attack

A new type of attack called XcodeGhost is wreaking something of a mini-havoc in the App Store, injecting its malware payload into popular iPhone and iPad apps and prompting Apple to pull the infected apps.

The malware itself is pretty harmful—it collects and sends information about your device—but the method of spreading is cunning. Rather than target the App Store itself, attackers have distributed hacked versions of Xcode, Apple’s tool required for iOS and OS X development.

As Xcode is a multi-gigabyte download, developers in countries like China where Internet speeds are slow have downloaded these modified Xcode builds from non-Apple sources without realizing a hacked Xcode injects malware when compiling apps.

This morning, Apple issued an email to developers providing an update on the XcodeGhost situation while laying out easy-to-follow instructions for checking if their Xcode copy has been tampered with.

We recently removed apps from the App Store that were built with a counterfeit version of Xcode which had the potential to cause harm to customers. You should always download Xcode directly from the Mac App Store, or from the Apple Developer website, and leave Gatekeeper enabled on all your systems to protect against tampered software.

When you download Xcode from the Mac App Store, OS X automatically checks the code signature for Xcode and validates that it is code signed by Apple. When you download Xcode from the Apple Developer website, the code signature is also automatically checked and validated by default as long as you have not disabled Gatekeeper.

According to Apple’s marketing boss Phil Schiller, who is the steward of the firm’s relationship with app developers, “Apple knows of no cases where malicious apps transmitted user data.”

Apple’s Phil Schiller tells China’s Sina website that Apple knows of no cases where malicious apps transmitted user data.

— CNBC Now (@CNBCnow) September 22, 2023

Here’s Apple’s message to developers.

Whether you downloaded Xcode from Apple or received Xcode from another source, such as a USB or Thunderbolt disk, or over a local network, you can easily verify the integrity of your copy of Xcode.

Furthermore, a post on Apple’s portal for developers contains additional instructions for validating copies of Xcode obtained elsewhere.

To verify the identity of your copy of Xcode, run the following command in Terminal on a Mac computer with the Gatekeeper feature enabled:

spctl --assess --verbose /Applications/Xcode.app

where /Applications/ is the directory where Xcode is installed.

Keep in mind that the above command line can take up to several minutes to complete the assessment for Xcode. Basically, the tool performs the same checks that Gatekeeper uses to validate the code signatures of applications.

It should return the following result for a version of Xcode downloaded from the Mac App Store:

source=Mac App Store

and for a version downloaded from the Apple Developer web site, the result should read either

source=Apple

or

source=Apple System

Any result other than ‘accepted’ or any source other than ‘Mac App Store’, ‘Apple System’ or ‘Apple’ indicates that the application signature is not valid for Xcode.

I’m not sure why anyone would download Xcode from a non-sanctioned source to begin with, but am certainly glad Apple is urging developers to download a clean copy of Xcode before submitting new apps and updates to the App Store.

Source: Apple

You're reading Apple Educates Developers On Validating Xcode Downloads Following Xcodeghost Malware Attack

Apple Announces Q1 2023 Revenue Of $84.3B Following Revision Down From $89

Apple’s earnings day has arrived, and despite massive revenue and profit in the billions, it’s a bit of a different quarter for Apple for a few reasons. For starters, today’s earnings results mark the first time Apple is choosing not to break down revenue by iPhone, iPad, and Mac categories. And Apple already issued a rare guidance revision, lowering revenue guidance from between $89 billion and $93 billion to $84 billion.

With final results out, Apple has reported $84.3 billion in revenue and $19.97 billion in profit during the holiday quarter. During the same quarter a year ago, Apple reported $88.3 billion in revenue and $20.1 billion in profit. The two-year compare gives more perspective, when Apple reported $78.4 billion in revenue and $17.89 billion in profit.

Apple forecasts revenue between $55 billion and $59 billion over the next quarter — one in which it will be up against a $61.1 billion revenue compare year over year and $52.9 billion two years ago. Read on for the full report:

CEO Tim Cook had this to say:

“While it was disappointing to miss our revenue guidance, we manage Apple for the long term, and this quarter’s results demonstrate that the underlying strength of our business runs deep and wide,” said Tim Cook, Apple’s CEO. “Our active installed base of devices reached an all-time high of 1.4 billion in the first quarter, growing in each of our geographic segments. That’s a great testament to the satisfaction and loyalty of our customers, and it’s driving our Services business to new records thanks to our large and fast-growing ecosystem.”

While CFO Luca Maestri added this:

“We generated very strong operating cash flow of $26.7 billion during the December quarter and set an all-time EPS record of $4.18,” said Luca Maestri, Apple’s CFO. “We returned over $13 billion to our investors during the quarter through dividends and share repurchases. Our net cash balance was $130 billion at the end of the quarter, and we continue to target a net cash neutral position over time.”

Apple’s stock is up in after hours trading, thanks in large part to the revenue miss now being baked into the stock price which has recovered since the miss announcement. Apple’s revenue forecast for next quarter is a slight decline, showing that Apple expects to see another quarter without revenue growth, but the dip is a small percentage.

Stay tuned for more coverage of Apple’s earnings call with investors, which takes place at the top of the hour.

Apple Reports First Quarter Results Services, Mac and Wearables Set New All-Time Revenue Records EPS Reaches All-Time High at $4.18

January 29, 2023 04:30 PM Eastern Standard Time

Revenue from iPhone® declined 15 percent from the prior year, while total revenue from all other products and services grew 19 percent. Services revenue reached an all-time high of $10.9 billion, up 19 percent over the prior year. Revenue from Mac® and Wearables, Home and Accessories also reached all-time highs, growing 9 percent and 33 percent, respectively, and revenue from iPad® grew 17 percent.

“While it was disappointing to miss our revenue guidance, we manage Apple for the long term, and this quarter’s results demonstrate that the underlying strength of our business runs deep and wide,” said Tim Cook, Apple’s CEO. “Our active installed base of devices reached an all-time high of 1.4 billion in the first quarter, growing in each of our geographic segments. That’s a great testament to the satisfaction and loyalty of our customers, and it’s driving our Services business to new records thanks to our large and fast-growing ecosystem.”

“We generated very strong operating cash flow of $26.7 billion during the December quarter and set an all-time EPS record of $4.18,” said Luca Maestri, Apple’s CFO. “We returned over $13 billion to our investors during the quarter through dividends and share repurchases. Our net cash balance was $130 billion at the end of the quarter, and we continue to target a net cash neutral position over time.”

Apple is providing the following guidance for its fiscal 2023 second quarter:

• tax rate of approximately 17 percent

Apple’s board of directors has declared a cash dividend of $0.73 per share of the Company’s common stock. The dividend is payable on February 14, 2023 to shareholders of record as of the close of business on February 11, 2023.

Apple will provide live streaming of its Q1 2023 financial results conference call beginning at 2:00 p.m. PST on January 29, 2023 at chúng tôi This webcast will also be available for replay for approximately two weeks thereafter.

Apple periodically provides information for investors on its corporate website, chúng tôi and its investors relations website, chúng tôi This includes press releases and other information about financial performance, reports filed or furnished with the SEC, information on corporate governance and details related to its annual meeting of shareholders.

© 2023 Apple Inc. All rights reserved. Apple, the Apple logo, iPhone, Mac and iPad are trademarks of Apple Inc. Other company and product names may be trademarks of their respective owners.

What Is A Credential Stuffing Attack

Look around, and you will find abundant stories of Cybercrime flooding the internet World. Attackers are finding newer ways to steal private customer data from businesses and using them for their own financial benefits. The consequences are even worse for companies whose business itself is solely based on the internet. The Akamai’s State of the Internet report says that over 8.3 billion malicious login attempts were identified in May and June this year. These are nothing but Credential Stuffing Attacks. Let’s learn more about it.

What is Credential Stuffing

While creating a password for your online credit card or internet banking account, you are often asked to create a strong password consisting of a capital letter, special character, number, etc.  Do you come up with something complex as aXZvXjkdA(0LJCjiN? The answer could well be a “No”.

Usually, we try and come up with something that we can remember easily. For instance, [email protected], which, though satisfies all the preconditions of making a password like it contains a capital letter, a number, and a special character – still is not the password that is hard to break nowadays. It’s worse when you use your birthdates, favorite movie names, favorite Basketball player names, spouse name or even your toddler’s name in your passwords. If this was not enough, we tend to use the same passwords for multiple site logins.

Now if even one of the site that you log in is breached by attackers, your login credentials stand exposed and ready to be exploited.

Attackers can then take your credentials and supply them into an automated tool. This tool can then run those accounts against a target site to see what credentials will work. Think about what they can do if they can gain access to a retail site or worse, your banking site? They are stealing sensitive information or even worse, transfer money to other accounts they create. This whole activity of fraudulently gaining access to others account is called as Credential Stuffing.

With Credential stuffing attack an attacker can use automated scripts and bots to try each credential against a target web site. It uses breached credentials in order to fraudulently gain access to online accounts, and can be considered to be a subset of Brute Force Attacks.

Targets of Credential Stuffing

Apart from a normal Internet users, Credential Stuffing attacks are aimed at organizations in a variety of industries like banking, financial services, government, healthcare, education and more.

Consequences of Credential Stuffing attacks

Victims of Credential Stuffing attacks face financial as well as other tangible losses. Here are some of them:

Reputation loss

Almost all businesses store some amount of personally identifiable information on employees or customers, and these companies are legally obligated to protect this information. In case of an information breach, the company is bound to face reputation loss in the market.

Regulatory Fines

Leaked customer data or business information can often invite regulatory fines. Governments and regulatory bodies can levy stiff fines based on the severity of the breach. These financial burdens can add up and devastate businesses of all sizes.

Operational costs

Companies are bound to incur operational costs due to investigations, remediations, and customer management arising out of Credential Stuffing attacks. The cost can scale to millions, depending on the scope of the attack.

Customer loss

Customer loss is revenue loss, and most companies are likely to lose customers if they are unable to protect their sensitive business data.

How to prevent Credential Stuffing attacks

Taking some basic precautions is the best way to protect from Credential Stuffing attacks. Here is what all you can do:

Best practices for passwords – Adopt best practices when it comes to password management. Set strong and unfamiliar passwords and change them continuously. Also, do not use the same password for multiple logins.

Use VPN – With remote access becoming a way of doing business, use of VPN is necessary. A VPN software allows for a secure network connection even on unsecured networks so that employees can safely use their credentials to access the company network from wherever they are.

Two-factor authentication – Logins that follow a two-factor authentication offer great protection because the second access code is not stored in a database and hence cannot be trapped. In Two-factor authentication, a password is sent to phone or email and is valid only for 60 sec. This essentially downgrades credential-stuffing attacks to distributed denial of service threats, and hence they cannot penetrate that network’s defenses.

Firewalls – Firewalls identify malicious traffic and block the source IP address, shutting down the attack from the source.

Stay safe!

Heard of Password Spray Attacks by the way?

Difference Between Pericarditis And Heart Attack

Chest discomfort, palpitations, and difficulty breathing are symptoms shared by pericarditis and heart attack or myocardial infarction. Myocardial infarction occurs when blood supply to the heart muscle is stopped, resulting in a lack of oxygen in one or more sections of the heart muscle, while pericarditis is inflammation of the pericardium. The following topics expand upon the distinctions between them.

What is Pericarditis?

The inflammation of any of the layers of the thin tissue sac (the pericardium) around the heart is known as pericarditis (from the Greek peri-, meaning “around,” and kardia, meaning “heart,” and-itis, meaning “inflammation”).

Symptoms − Pain in the center or left of the chest, palpitations of the heart, difficulty breathing, weariness, swelling of the abdomen and legs, nausea, and a mild temperature are all symptoms.

Causes − As the most common form of pericarditis, viral infection can also be caused by autoimmune disorders (especially in cases of recurrent pericarditis), myocardial infarction, cancer, acquired immune deficiency syndrome, kidney failure, and drug side effects (such as those caused by warfarin and heparin).

Treatment − Some people get well from pericarditis in around two to four weeks. Antibiotics, non-steroidal anti-inflammatory medications (NSAIDs), rest from vigorous activity, and surgery are all potential therapies for pericarditis.

What is Heart Attack?

A heart attack, or myocardial infarction (“myo” means muscle, “cardial” refers to the heart, and “infarction” denotes tissue death due to lack of blood supply), happens when oxygen-rich blood cannot reach a portion of the heart muscle.

Symptoms − Heart attack symptoms include those listed below−

Discomfort (i.e., pressure, squeezing, or heaviness) or pain in the chest, arm, or below the breastbone.

Discomfort which goes into the jaw, throat, arm, or back.

A feeling of fullness, choking, or indigestion.

Upset stomach, vomiting, dizziness, or sweating.

Fatigue, shortness of breath, or anxiety.

Palpitations or uneven heartbeat.

Silent heart attacks occur in certain people (often those with diabetes), and the sufferers are unaware that anything is wrong.

Causes and Risk Factors − The accumulation of plaque (comprised of cholesterol, deposits, and other substances) in the arteries is responsible for the impeded blood flow. A blood clot forms rapidly once a plaque ruptures, and this clot is the true cause of myocardial infarction. If the heart’s oxygen and blood supply are cut off, irreversible damage will occur within 30 minutes.

Treatment − Treatment for heart attack or myocardial infarction begins in the ambulance or the emergency department since it is a medical emergency. Aspirin and other antiplatelet and anticoagulant medications are used to reduce the severity of heart damage. Cardiac catheterization, balloon angioplasty, and stent replacement are all methods that can be used to unblock the arteries.

Beta-blockers, nitrates, blood thinners, angiotensin-converting enzyme (ACE) inhibitors, and statins are some of the medications used beyond the critical period. Bypass surgery is an option for patients who need to get their hearts’ blood flowing again. To maintain a regular heartbeat, pacemakers are implanted in some individuals.

Differences between Pericarditis and Heart Attack

The following table highlights the major differences between Pericarditis and Heart Attack −

Characteristics

Pericarditis

Heart Attack

Definition

Pericarditis is an inflammation of the pericardium, a small sac of tissue that covers and protects the heart.

Myocardial infarction, also known as a heart attack, happens when oxygen-rich blood stops flowing to part (or all) of the heart muscle.

Findings

Pericarditis is characterized by severe chest discomfort (usually in the middle or to the left), irregular heartbeats, difficulty breathing, weakness, swelling in the abdomen and legs, nausea, and a low temperature.

Feelings of fullness, choking, or indigestion; nausea, vomiting, dizziness, or sweating; weakness, shortness of breath, anxiety, palpitations, or an irregular heartbeat are some of the symptoms. However, “silent heart attacks” occur in which the victim has no warning signs

Founders

Myocardial infarction, malignancy, acquired immune deficiency syndrome, renal failure, and pharmacological side effects are among the causes of pericarditis. The most frequent cause is a viral infection.

Plaque (composed of cholesterol, deposits, and other things) in the arteries blocks blood flow. Myocardial infarction is caused by a blood clot that forms rapidly after the rupture of atherosclerotic plaque.

Conclusion

In this article, we explained in detail the various differences between Pericarditis and Heart Attack

The Dangers For Moonlighting Developers

“You are going to be so busted!”

My coworker Tyler was probably right. But I didn’t care. I had been moonlighting for months writing software on the side, saving up for my latest gadget. I couldn’t wait to play with this new, cool handheld device called a PDA.

(Yes, this was ten years before Phineas and Ferb’s sister Candace made famous the “busted song,” back when everyone desired a Palm Pilot.)

I tried to walk the straight and narrow path. I knew my company had authorized all managers to purchase Pilots on the company’s dime. So when my manager Stan walked past me in the office kitchen with his new Pilot, I saddled up next to him laying on the compliments.

“Those are awesome Stan. You are so lucky!”

Sam smiled and said, “I know. I love this thing. I can actually plug it into my computer and sync with the Internet. How cool is that?”

I didn’t want to miss this opportunity. “I know! I could download articles about the latest software development trends and read them anytime. I think there are opportunities to even explore how to create applications we may be able to use here.”

As Sam grabbed a soda from the fridge, he turned and looked at me questioningly.

“That’s ridiculous. These are only useful for time management, reading content offline and playing games.” Stan laughed and said, “Not that I play any games on it.”

I responded, “Yeah but what if I could create some way to track inventory levels or project tasks? Would the company reimburse me if I bought one for this sort of research?” I stammered not so convincingly because I wasn’t even sure if this was possible.

Sam laughed again and rolled his eyes. “Oh yeah, that will work. These handheld devices will never be useful for running business applications. Sorry my friend, if you want one, you’re on your own.”

So as I followed Sam out of the kitchen back to my cube I formulated a plan to raise some extra cash.

Moonlighting wasn’t something I had considered before. But as luck would have it a friend of mine needed help with setting up his small business with Microsoft Office 97 and building an office automation application.

Granted, I only needed a few hundred dollars for the Pilot, but I had other reasons to raise some extra cash. My car was ready for replacement and my wife and I were thinking about buying a home.

Funny that the main motivation pushing me into moonlighting was the shiny little gadget. Okay, not exactly shiny like the iPad 3’s amazing Retina Display, but even with its dull grayish plastic case it was shiny in my eyes.

I did my best to work at nights and weekends. But because I was also working overtime on a project for my job, my side work was becoming a balancing act requiring later nights and in some cases early mornings in the office.

My co-worker Tyler surprised me one early morning in the office. I was so focused on my laptop screen I didn’t even realize he was standing behind me.

“What are you doing here so early? And what is that you are working on?” Tyler was sharp enough to recognize the code on my screen was not something work related.

I didn’t think it was a big deal to be in the office at 6:30 AM writing code that wasn’t related to work. So I spun around to face Tyler and explained what I was doing.

I was taken aback. “What’s the big deal? I’m still going to get my work project done.”

“You don’t get it do you? You are using a company laptop for side work! You can be fired for that my friend.”

I honestly hadn’t thought about it. Maybe Tyler was right, but I just shrugged, spun back around and started coding again. “Whatever Tyler. I will get this done before Stan gets in. It’s not a big deal. Just please keep it to yourself.”

Tyler said, “I won’t rat you out. But be careful man.”

Over the next few weeks I could feel the stress building. It became obvious my work project deadline and my side project deadline were about to collide. I didn’t think ahead to see how much the deliverable timing was going to impact my ability to get everything done.

Htc One A9 Twrp Recovery: Downloads And Guide

Whether you are looking to root One A9, or wanna install a custom ROM or Mods on this device, you are gonna need a custom recovery, and TWRP recovery remains the best choice. Luckily, the One A9 TWRP recovery is already available.

Note: the TWRP recovery is only semi-working right now. Because Touch is not working, you can’t use it that easily. And because ADB is working working, you can still use it via ADB to transfer files, and mount a partition like we need to do with One A9 root.

With TWRP recovery, you also get a solid backup option, which can unbrick your device easily when restored, no matter what got wrong with the device.

Here’s how to install TWRP recovery on One A9.

a9-att-635081.3.zip — Link

TWRP recovery — Link (semi-working, as touch isn’t working)

Warning!

Warranty may be void of your device if you follow the procedures given on this page. You only are responsible for your device. We won’t be liable if any damage occurs to your device and/or its components.

Backup!

Backup important files stored on your device before proceeding with the steps below, so that in case something goes wrong you’ll have backup of all your important files.

How to install TWRP on One A9

Step 1. Make sure you have unlocked bootloader of your One A9.

To do so now, check our guide on One M9 bootloader, and use this to unlock bootloader on your One A9 as the procedure is exactly same.

Step 2. Download the two files required for One A9 TWRP installation using this method. Keep them in a new folder called a9twrp

Step 3. In a9twrp folder, extract the zip file of modified boot image to get a .img file from it. Rename the resulting .img file to chúng tôi Also rename the TWRP recovery file to twrp.img.

Renaming makes it easy to enter commands when installing the boot and TWRP recovery below in this guide. So, you now have chúng tôi and chúng tôi in the folder called a9twrp, right?

Step 4. Install appropriate drivers.

Step 5. Now, open command window in the a9twrp folder, in which you have the modified boot and TWRP files. For this:

Now choose Open command window here option from that.

You will see a command window open up, with location directed to a9twrp folder.

Step 6. Connect your One A9 to PC.

Step 7. Boot your device into download mode. For this, run the following command into command window.

adb reboot download

Step 8. Test whether fastboot is working alright. In the command window by running the following command.

fastboot devices

→ Upon this, you should get a serial no. with fastboot written after it. If you don’t get fastboot written on cmd window, then it means you need to reinstall adb and fastboot drivers, or change restart PC, or use original USB cable.

Step 9. Install modified boot image now. For that, run the following command.

fastboot flash boot boot.img

(You have to use the boot image’s filename in the above command, which in our case is chúng tôi from step 3.)

Step 10. Boot into bootloader mode now. Run the following command for that.

fastboot reboot-bootloader

Step 11. Boot into recovery mode. For that, move the selection to ‘Boot into recovery mode’ option using volume keys, and then select it using power button.

Step 12. Do a factory reset now. In recovery mode, you wills ee 3e recovery. Choose the factory reset option using volume buttons and then select it using power button. Confirm on next screen to perform factory reset.

Step 13. Boot device back into download mode. For that, from recovery mode, use the ‘reboot to bootloader’ option to reach bootloader mode first.

And then from there, use the ‘Boot into download mode’ option.

Step 14. Install TWRP recovery now. Run the following command for that.

fastboot flash recovery twrp.img

(You have to use the recovery image’s filename in the above command, which in our case is chúng tôi from step 3.)

Step 15. When done, simply reboot to Recovery mode now. Run the following command for that.

fastboot boot twrp.img

When you reboot into TWRP, you will not be able to use touch on the the device for now, until new version of recovery shows up. We will update the link above when new version is available, so be sure to check this page again.

That’s it. Your One A9 now has TWRP recovery installed.

Quick Install new version of TWRP

When we upload a new version of TWRP, download that and install it quickly in this way. Simply boot the device into download mode, then open command window into folder where you have the new TWRP’s file, and then run the command fastboot flash recovery chúng tôi to install.

Because you have already installed modified boot image, you don’t need to install it again.

Need help?

Via jcase

Update the detailed information about Apple Educates Developers On Validating Xcode Downloads Following Xcodeghost Malware Attack on the Cancandonuts.com website. We hope the article's content will meet your needs, and we will regularly update the information to provide you with the fastest and most accurate information. Have a great day!