Submitted via IRC for SoyCow0245
A top-grossing Apple App Store program called Adware Doctor is capable of sidestepping macOS security controls and surreptitiously copying a user's entire browser history. It then sends it to a China-based domain.
According to Patrick Wardle, chief research officer at Digita Security and founder of Mac security company Objective-See, Apple was informed of Adware Doctor's suspicious functionality last month, but has failed to take action.
[...] In a technical breakdown of the app Wardle points out that, as is with similar "security" tools, Adware Doctor needs legitimate access to user's files and directories in order to scan for malicious code.
"Once the user has clicked 'allow,' since Adware Doctor requested permission to the user's home directory, it will have carte blanche access to all the user's files," he wrote. This allows the app to detect and clean adware, but to "also collect and exfiltrate any user file it so chooses."
The scope of data collected by the app, such as the aforementioned browser histories, is beyond what's required for the app to work as advertised, he said. He also said that collecting "the user's browsing history seem[s] to be a blatant violation of the user's privacy (and of course Apple's strict Mac App Store rules)."
Source: https://threatpost.com/top-macos-app-exfiltrates-browser-histories-behind-users-backs/137247/
(Score: 2) by black6host on Monday September 10 2018, @02:34AM
May I respond to anyone who even remotely believes that Apple or Google are somehow magically going to be able to ensure that all the software they sell, developed by third parties, is secure: HAHAHAHAHAHA Or even the software they themselves develop?: HAHAHAHAHAHA
There ain't no such thing. I know I'm preaching to the choir but WTF do people expect? Walled gardens are indeed only for the purpose of keeping the money corralled.