Article 5AE2V Apple responds to Gatekeeper issue with upcoming fixes

Apple responds to Gatekeeper issue with upcoming fixes

by
Romain Dillet
from Crunch Hype on (#5AE2V)

Apple has updated a documentation page detailing the company's next steps to prevent last week's Gatekeeper bug from happening again, as Rene Ritchie spotted. The company plans to implement the fixes over the next year.

Apple had a difficult launch day last week. The company released macOS Big Sur, a major update for macOS. Apple then suffered from server-side issues.

Third-party apps failed to launch as your Mac couldn't check the developer certificate of the app. That feature, called Gatekeeper, makes sure that you didn't download a malware app that disguises itself as a legit app. If the certificate doesn't match, macOS prevents the app launch.

Hey Apple users:

If you're now experiencing hangs launching apps on the Mac, I figured out the problem using Little Snitch.

It's trustd connecting to https://t.co/FzIGwbGRan

Denying that connection fixes it, because OCSP is a soft failure.

(Disconnect internet also fixes.) pic.twitter.com/w9YciFltrb

- Jeff Johnson (@lapcatsoftware) November 12, 2020

Many have been concerned about the privacy implications of the security feature. Does Apple log every app you launch on your Mac to gain competitive insights on app usage?

It turns out it's easy to answer that question as the server doesn't mandate encryption. Jacopo Jannone intercepted an unencrypted network request and found out that Apple is not secretly spying on you. Gatekeeper really does what it says it does.

We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices," the company wrote.

But Apple is going one step further and communicating on the company's next steps. The company has stopped logging IP addresses on its servers since last week. It doesn't have to store this data for Gatekeeper.

These security checks have never included the user's Apple ID or the identity of their device. To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs" Apple writes.

Finally, Apple is overhauling the design of the network request and adding a user-facing opt-out option.

In addition, over the the next year we will introduce several changes to our security checks:

  • A new encrypted protocol for Developer ID certificate revocation checks
  • Strong protections against server failure
  • A new preference for users to opt out of these security protections"

PSA: macOS is a little broken this morning, with many non-Apple apps hanging at launch

Techcrunch?d=2mJPEYqXBVI Techcrunch?d=7Q72WNTAKBA Techcrunch?d=yIl2AUoC8zA Techcrunch?i=1V1meAVxj0g:1NlO5Ns3ooo:-BT Techcrunch?i=1V1meAVxj0g:1NlO5Ns3ooo:D7D Techcrunch?d=qj6IDK7rITs1V1meAVxj0g
External Content
Source RSS or Atom Feed
Feed Location http://feeds.feedburner.com/TechCrunch/
Feed Title Crunch Hype
Feed Link https://techncruncher.blogspot.com/
Reply 0 comments