Security flaw

Discussion in 'OS X Yosemite (10.10)' started by macmacmacr, Nov 14, 2015.

  1. macmacmacr macrumors regular

    Dec 23, 2014
    I am using Yosemite 10.10.5 using a non-admin account and using the application called TOR 5.02 (secure web browser) sha 256: bc76e4d1a0b9deab144b199aba8d98fb508ec8858e5efacf942eb38f9d92a08e

    The application TOR which is for the most part a secure version of Firefox, was able to automatically update and install a new version of TOR 5.04 without me authorizing the installation or entering the administrator password. TOR 5.02 downloaded a file called

    This never occurred with previous versions of TOR and since it bypass the operating system I am interested in knowing what the possible flaw that would allow this to occur. It appears to be an elevated priviledge.
  2. CoastalOR macrumors 68020


    Jan 19, 2015
    Oregon, USA
    TOR is about anonymity which is not the same as security. It will not protect you from malware for example. I have not used it, but check to see if there is a Preference setting that allows checking for updates.
    Here are some links that discusses what it does and does not do:
  3. Ritsuka macrumors 6502a

    Sep 3, 2006
    Why would it need to be authorised to update itself? An application runs with the same permission as your user (if it's not sandboxed) so it can do whatever you can, if your user has the permission to modify the app the app itself has got it too.
  4. macmacmacr thread starter macrumors regular

    Dec 23, 2014
    That is not the case with Firefox. when a new version is ready to install and even though I install it it still requires my O.S. admin password to complete the installation. This is the case for all my apps on Yosemite.
  5. macmacmacr thread starter macrumors regular

    Dec 23, 2014
    This is not about the application TOR but the fact it installs an update automatically without my interaction. I must enter my Admin password for any application to install. This should of been corrected in the security update 10.10.5. see
  6. Ritsuka macrumors 6502a

    Sep 3, 2006
    It all depends on the permissions of the app. Remove your user from the write permission of the app if you don't want it to replace itself.

Share This Page

5 November 14, 2015