Why Xcode’s Integrity Matters

Craig Hockenberry, on reports that the CIA is actively working to compromise the integrity of Xcode:

The article refers to “Xcode” generically, but as we all know, there are a lot of pieces to this puzzle: I’m going to examine a few of them below. It’s your job to think about how these things might affect your own products.

The bottom line: You can never fully trust code you aren’t compiling from source. And even when you do have the source, you’re fucked if your compiler has been compromised.

Tuesday, 10 March 2015