Tuesday, February 23, 15:31
Home security Apple macOS: Application privacy issues are detected

Apple macOS: Application privacy issues are detected

After the release of macOS Big Sur on Thursday, Mac users started having problems opening apps while connected to the internet. Apple's system status page attributes the issue to Developer ID issues, with developer Jeff Johnson pointing out that there were problems connecting to Apple's OCSP server.

Apple macOS

Shortly afterwards, security researcher Jeffrey Paul published a post on a blog entitled "Your Computer Isn't Yours," in which he worries on privacy and safety related to Macs "phoning home" on Apple's OCSP server. In short, Paul said that the "OCSP traffic" generated by macOS is not encrypted and could possibly be seen by ISP or even their army USA.

Apple has since responded by updating the "Safely open apps on your Mac" support document with new information, as noted by iPhoneinCanada. The following is the complete "Privacy protections" section of the support document:

MacOS is designed to keep users and their data safe while respecting their privacy.

Gatekeeper performs online checks to verify that an application contains known malware and that the developer's signature certificate has been revoked. We have never combined data from these audits with information from Apple users or their devices. We do not use data from these controls to find out what users are running on their devices.

The notary checks if the application contains known malware using an encrypted connection that is resistant to server failures.

These security checks never included the user's Apple ID or device ID. To further protect your privacy, we have stopped recording IP addresses associated with Developer ID certificates and will ensure that any collected IP addresses are removed from the logs.

Apple clarifies that data for specific users is not collected during security check and that they intend to remove all IP information from the files recording. In addition, they intend to introduce many changes to system in the following year, such as:

  • a new encrypted protocol for Developer ID certificate revocation checks
  • strong protections against server failure
  • a new option for users to opt out of these security protections

Some users have advocated blocking traffic to Apple's authentication servers, but it looks like Apple will provide this option to end users in the future.

LEAVE ANSWER

Please enter your comment!
Please enter your name here

Teo Ehc
Teo Ehchttps://www.secnews.gr
Be the limited edition.

LIVE NEWS

A ghost particle that fell in Antarctica comes from a black hole

In a new study published in the journal Nature Astronomy on Monday, scientists describe in detail the detection of a subatomic particle -...

Facebook: will restore news pages in Australia

Following discussions between Facebook and the government in Australia, the social networking platform will restore the news pages ...

XSS error detected in the Apple iCloud domain

A cross-site scripting (XSS) vulnerability in the iCloud domain is said to have been fixed by Apple. The error hunter and penetration tester Vishal ...

Share-ents: How dangerous it is to post photos of children

According to security expert Ritesh Kotak, parents tend to post about 1.500 photos of their children on social media before ...

Python is under pressure to release updates to address an RCE vulnerability

Python Software Foundation (PSF) has released Python versions 3.9.2 and 3.8.8 to address two major security glitches, including an error ...
00:03:59

7 dangers of dual booting Windows and Linux

https://www.youtube.com/watch?v=ZUvqVlF4x5E Εάν σκέφτεστε να εγκαταστήσετε ένα δεύτερο λειτουργικό σύστημα στον υπολογιστή σας, καλό είναι να λάβετε υπόψη...

A UK court has rejected Epic Games' lawsuit against Apple

The Competition Appeal Tribunal of the United Kingdom rejected the lawsuit of Epic Games against Apple, with which the ...

Powerhouse VPN products are used in DDoS attacks

Some botnet operators abuse VPN servers by the VPN Powerhouse Management provider as a way to bounce and boost unwanted traffic ...

Social media users are more prone to misinformation

According to a survey, users who choose social media as a key source of information on important issues, such as Covid-19 or ...

Austin Energy - Texas: Scammers threaten customers with power outages!

Austin Energy, a public utility that supplies electricity to the city of Austin, Texas and surrounding areas, issued on ...