Submitted via IRC for SoyCow0245
A top-grossing Apple App Store program called Adware Doctor is capable of sidestepping macOS security controls and surreptitiously copying a user's entire browser history. It then sends it to a China-based domain.
According to Patrick Wardle, chief research officer at Digita Security and founder of Mac security company Objective-See, Apple was informed of Adware Doctor's suspicious functionality last month, but has failed to take action.
[...] In a technical breakdown of the app Wardle points out that, as is with similar "security" tools, Adware Doctor needs legitimate access to user's files and directories in order to scan for malicious code.
"Once the user has clicked 'allow,' since Adware Doctor requested permission to the user's home directory, it will have carte blanche access to all the user's files," he wrote. This allows the app to detect and clean adware, but to "also collect and exfiltrate any user file it so chooses."
The scope of data collected by the app, such as the aforementioned browser histories, is beyond what's required for the app to work as advertised, he said. He also said that collecting "the user's browsing history seem[s] to be a blatant violation of the user's privacy (and of course Apple's strict Mac App Store rules)."
Source: https://threatpost.com/top-macos-app-exfiltrates-browser-histories-behind-users-backs/137247/
(Score: -1, Offtopic) by Anonymous Coward on Monday September 10 2018, @12:21AM
"Walled garden" can suck it.
First@!!!!