Nobody said it was. Modifying a compiler to inject XcodeGhost is simple assembly work. Almost anyone could figure it out in an afternoon.
Multiple independent security organizations are reporting that the modified XCode release was shared via a filesharing site in China. That is how so many Chinese iOS developers came across it.
The version of XcodeGhost on github is a harmless version posted by the original author. The actual compiled code being found in the wild has malicious abilities not found in the code in that GitHub repo.
Nobody said it was. Modifying a compiler to inject XcodeGhost is simple assembly work. Almost anyone could figure it out in an afternoon.
Multiple independent security organizations are reporting that the modified XCode release was shared via a filesharing site in China. That is how so many Chinese iOS developers came across it.
The version of XcodeGhost on github is a harmless version posted by the original author. The actual compiled code being found in the wild has malicious abilities not found in the code in that GitHub repo.