
This will be short because I am not a security expert. Another NSA activity has come to light. There is a very good article on it.
iSpy Campaign to Steal Apple’s Secrets
Before you relegate this to only a threat to Apple, consider this classic by Ken Thompson.
The upshot of all this is that it is possible to bootstrap spy code into an Open Source compiler such as GCC, CLANG/LLVM, etc. How? You have to insert the code into the first compiler in the chain that is used to start building a new compiler. This very effectively hides the code as it is passed on to the compilers that use it as a bootstrap to build the new compilers.
Edits:
Craig Hockenberry writes: Xcode Compromised
TechCrunch writes: Apple Products May Have Been Compromised By CIA
John Gruber’s Daring Fireball: The Intercept: CIA Campaign to Compromise Apple’s Developer Tools