Had a discussion about XcodeGhost: “Couldn't Apple detect that?”
No, they couldn't.
Actually detecting Malware or Backdoors in Object code is Halting problem equivalent. But couldn't Apple detect that it was their own code? Well, it was linked into binaries, which afterwards were signed by their developers.
But couldn't they detect a modified version of their own Object file? No, neither this. The LLVM linker does Atom based linking. So in the binaries there probably weren't such Object files left.
Detecting backdoors has to be done as Source Code review. This is why p≡p is based on that. And even then experts like SektionEins will not find everything with a hit rate of 100%.
But this is the best thing we have. So p≡p does it.
published Sun, 20 Sep 2015 20:44:34 +0200 #backdoor #codereview #linker #llvm #malware #p≡p #xcodeghost