.dylib vulnerabilities on mac .apps

jeremybundgaard

23 Mar, 2015 05:20 PM

The article below discusses research regarding vulnerabilities with GPGTools.app; essentially that your app can have binary files "snuck in".

Have you guys looked into this research?

http://www.forbes.com/sites/thomasbrewster/2015/03/17/apple-mac-gat...

  1. 1 Posted by jeremybundgaard on 23 Mar, 2015 05:26 PM

    I downloaded the researcher's app and scanned my system; the attached screen capture shows what the app returns for GPG Keychain.

  2. Support Staff 2 Posted by Steve on 28 Mar, 2015 08:18 PM

    Hi Jeremy,

    Yes, we are aware of the issue and have talked to Patrick already. This concerns all software signed with a developer cert from Apple. It's basically Apple's call to improve the mechanisms to prevent this from happening.

    The fact that our tool is being listed as vulnerable stems from the fact that all software signed with an Apple dev cert falls into that category.

    We hope Apple can come up with a fix for this.

    All the best,
    steve

  3. Steve closed this discussion on 03 Jun, 2015 01:49 PM.
