.dylib vulnerabilities on mac .apps
the article below discusses research regarding vulnerabilities with GPGTools.app; essentially that your app can have binary files "snuck in".
Have you guys looked into this research?
Comments are currently closed for this discussion. You can start a new one.
|?||Show this help|
|ESC||Blurs the current field|
|r||Focus the comment reply box|
|^ + ↩||Submit the comment|
You can use
Command ⌘ instead of
Control ^ on Mac
1 Posted by jeremybundgaard on 23 Mar, 2015 05:26 PM
I downloaded the researchers app and scan my system; the attached screen capture shows what the app returns for GPG Keychain.
Support Staff 2 Posted by Steve on 28 Mar, 2015 08:18 PM
yes we are aware of the issue and have talked to Patrick already. This concerns all software signed with a developer cert from Apple. It's basically Apple's call to improve the mechanisms to prevent this from happening.
The fact that our tool is being listed as vulnerable stems from the fact, that all software signed with an apple dev cert falls into that category.
We hope Apple can come up with a fix for this.
All the best,
Steve closed this discussion on 03 Jun, 2015 01:49 PM.