Stories
Slash Boxes
Comments

SoylentNews is people

Top MacOS App Exfiltrates Browser Histories Behind Users' Backs

posted by Fnord666 on Monday September 10 2018, @12:14AM   Printer-friendly
from the powned-again dept.

MrPlow writes:

Submitted via IRC for SoyCow0245

A top-grossing Apple App Store program called Adware Doctor is capable of sidestepping macOS security controls and surreptitiously copying a user's entire browser history. It then sends it to a China-based domain.

According to Patrick Wardle, chief research officer at Digita Security and founder of Mac security company Objective-See, Apple was informed of Adware Doctor's suspicious functionality last month, but has failed to take action.

[...] In a technical breakdown of the app Wardle points out that, as is with similar "security" tools, Adware Doctor needs legitimate access to user's files and directories in order to scan for malicious code.

"Once the user has clicked 'allow,' since Adware Doctor requested permission to the user's home directory, it will have carte blanche access to all the user's files," he wrote. This allows the app to detect and clean adware, but to "also collect and exfiltrate any user file it so chooses."

The scope of data collected by the app, such as the aforementioned browser histories, is beyond what's required for the app to work as advertised, he said. He also said that collecting "the user's browsing history seem[s] to be a blatant violation of the user's privacy (and of course Apple's strict Mac App Store rules)."

Source: https://threatpost.com/top-macos-app-exfiltrates-browser-histories-behind-users-backs/137247/

Original Submission

 
This discussion has been archived. No new comments can be posted.
Top MacOS App Exfiltrates Browser Histories Behind Users' Backs | Log In/Create an Account | Top | 16 comments | Search Discussion
Display Options Threshold/Breakthrough Mark All as Read Mark All as Unread
The Fine Print: The following comments are owned by whoever posted them. We are not responsible for them in any way.

  • (Score: 5, Insightful) by Subsentient on Monday September 10 2018, @01:25AM

    by Subsentient (1111) on Monday September 10 2018, @01:25AM (#732626) Homepage Journal

    And to be honest, it's one of those things that boils my blood the most.
    I once contacted the DOJ over Microsoft's UEFI secure boot stuff, which of course they blew off.
    Not enough that they're trying to lock down what OSes you can run, now they're trying to control what software you can run.
    Oh, and when was the last time you saw an existing, working ARM smartphone or tablet that could boot anything other than some flavor of android and give you more than a serial console? Years? Yeah. That's because the binary blob drivers and firmware are impossible to use on anything but Android for virtually all of them.

    Chromebooks have that problem, non-x86 MS surface has that problem, some x86 laptops even refuse to boot anything but Windows, even with UEFI secure boot enabled Linux distros.

    --
    "It is no measure of health to be well adjusted to a profoundly sick society." -Jiddu Krishnamurti
    Starting Score:    1  point
    Moderation   +3  
       Insightful=3, Total=3
    Extra 'Insightful' Modifier   0  
    Karma-Bonus Modifier   +1  
    Total Score:   5