So, is 1Password not to be trusted or used?

Purchase it direct... I generally don't buy from the App Store if I can help it. I go direct. The App Store apps keep getting updated and sometimes I want the original rev I purchased. And I have not figured out a way to do this on the App Store...
 
Purchase it direct... I generally don't buy from the App Store if I can help it. I go direct. The App Store apps keep getting updated and sometimes I want the original rev I purchased. And I have not figured out a way to do this on the App Store...

On a few occasions some applications I've purchased on the Mac App Store have had new versions which are broken. One example is Textual, an IRC client, and another is Movist, a video player.

On both of these occasions I used Time Machine to revert back to earlier versions. That seems the only way right now to go back to an earlier version of a program if it's already been updated. Quite frustrating.
 
So, is 1Password not to be trusted or used?
1Password can be trusted. The problem is a malicious app intercepting data between it and its companion app (1Password mini). But before any of that can occur, you must first install malware on your machine. So if you're smart about what you install and where it came from (both are important factors), you should be able to safely continue using 1Password (I use it daily and will continue to do so).
 
I don't think this is in the wild. The original article said that the finders wrote exploit apps and put them on the App Store. Apple did not flag them as malware at the time.
If Apple could find the "fingerprint" of the exploit in the app, then they can drop them from the store in a short space of time.
Apple's gatekeeping is all good and well, but using your own judgement is important too - from some of the comments here it sounds like people have given up on checking things out themselves.
 
I don't think this is in the wild. The original article said that the finders wrote exploit apps and put them on the App Store. Apple did not flag them as malware at the time.
If Apple could find the "fingerprint" of the exploit in the app, then they can drop them from the store in a short space of time.
Apple's gatekeeping is all good and well, but using your own judgement is important too - from some of the comments here it sounds like people have given up on checking things out themselves.
I think that’s what a lot of ‘regular’ Mac users have done and expect to be able to keep doing.
 
I agree.

What I'm trying to say is that, for the time being, the safest course of action is probably to withhold downloading or using these third party apps until this vulnerability is resolved.

The problem is not so much that these third-party apps themselves cannot be trusted, the problem is more that malicious apps can interfere with pretty much any app, whether sandboxed or not. Using only Apple's apps will not alleviate the problem if you have an app installed that uses this vulnerability.

My question is: If a malicious app has already been downloaded, and the app is not running, is my system at risk?
 
What would you like them to do? Put an ad in the paper?
That kind of stuff needs to be resolved quietly BECAUSE there is no need to broadcast to the hackers.

Also, the people who keep saying that as a fact Apple has done nothing need to read the line where it says they tried (so far unsuccessfully)
Looks like it's not that easy as a poster saying: Just fix it. Flip a switch and we are done!

Well, the "bad guys" put an ad in the paper, and so far, I haven't heard a peep from Apple as to what they are doing. Not cool.
 
Great. Yet another thing for people who know nothing about computers to freak out about. The number of people who put a little piece of tape on their webcams... I don't even...

And another comment that's totally pointless.
 
From reading all the posts in here it seems everyone glossed over the part in the article where they said Apple has been trying to fix it. But has so far been unsuccessful... That's a far cry from most everyone shouting Apple has ignored this issue.

I don't think people are glossing over that fact. It's the silence that has people bugged - or at least what has me bugged.
 
Where is that stated? From what I've read the proof of concept apps were successfully submitted and listed on the Mac App Store and then subsequently removed. Are there reports that this exploit is active in the wild?

That would be good news! Where did you read this? Would you please provide a link?
 
XARA is an exploit discovered by a university. XARA is not an application. There may be no applications in existence that use this same exploit at this time. Be safe, only install known good software.

I agree with you, but where is that line that defines what "known good software" is?

For example: A couple of months ago, I installed Photo Sweeper http://overmacs.com/?p=photosweeper . I did my due diligence, it has a decent presence on the web, and no references to malware that I could find at the time that I installed it AND I purchased it from the Apple Store. How do I know if it's safe???
 
Purchase it direct... I generally don't buy from the App Store if I can help it. I go direct. The App Store apps keep getting updated and sometimes I want the original rev I purchased. And I have not figured out a way to do this on the App Store...

IIRC, you don't have to install the updates unless you choose to.
 
It's not a matter of versions. There are four different exploits. Versions in and of themselves do not appear to matter. For all intents and purposes, OS X is vulnerable to all four and iOS two at most, though the implications last I read were not well understood for iOS relating to the web sockets vulnerability.

Is Mac OS X Snow Leopard affected...? lolx... :p:p
 
Well, the "bad guys" put an ad in the paper, and so far, I haven't heard a peep from Apple as to what they are doing. Not cool.

Personally, they shouldn't say anything. Pulling attention to the issue is not good in many ways and I'm sure they are working on it.

If you think all problems can be easily fixed, you're thinking wrong. Some of these issues can be very complex and fixes can impact many parts of the system and security. Plus Apple has to be careful not to break other valid apps in the process or they'll have a big mess on the other side.

Apple gains nothing by having security problems, but it's bound to happen given the complexity of the OS and the determination of the hackers that are out there.
 
Personally, they shouldn't say anything. Pulling attention to the issue is not good in many ways...

While I respect your opinion, I disagree.

If you think all problems can be easily fixed, you're thinking wrong. Some of these issues can be very complex and fixes can impact many parts of the system and security. Plus Apple has to be careful not to break other valid apps in the process or they'll have a big mess on the other side.

I know that many problems are not easily fixed.

Apple gains nothing by having security problems, but it's bound to happen given the complexity of the OS and the determination of the hackers that are out there.

Agreed, but you are stating the obvious (I'm not being sarcastic).
 
Agreed, but you are stating the obvious (I'm not being sarcastic).

Sure it's obvious, but some posters have made references as if Apple is ignoring these flaws and that statement was for those posters... As you say, it's obvious that ignoring them would do them no good, so it's fairly easy to assume it's a complex fix and they're working on it.

That was my point. :)
 
I think the problem is software has become an afterthought for pretty products. This is the first year they are actually fixing the OS post Steve. Instead of coming out with a new one every year. I'm pissed right now. I bought this MacBook Pro for my personal use because all I heard is how secure it is. Now to think of it, in my 14 yrs using Windows, I never had this problem. I feel like a chump.
 
I think the problem is software has become an afterthought for pretty products. This is the first year they are actually fixing the OS post Steve. Instead of coming out with a new one every year. I'm pissed right now. I bought this MacBook Pro for my personal use because all I heard is how secure it is. Now to think of it, in my 14 yrs using Windows, I never had this problem. I feel like a chump.

How can you say you've never had this problem with Windows? You must be joking, with Windows your information can be taken even without downloading an app, just connect it to the internet.

If you feel like a chump it's because you are buying into the hype that this is a larger issue than it really is, it's not in the wild and even if it were you'd have to do a few things before you'd be affected.
 
I'm pissed right now. I bought this MacBook Pro for my personal use because all I heard is how secure it is. Now to think of it, in my 14 yrs using Windows, I never had this problem. I feel like a chump.

You've bought into the hype and marketing like everybody else, and now you've woken up in the real world. It pissed me off, too. ;-)

Apple products have become mass products and hence they have become an attractive target for all sorts of malware. This was bound to happen. Secrecy might have always been one of Apple's strengths, but certainly not security. There have always been reports about major security flaws and holes in their products throughout the years, but nobody ever really cared - neither Apple nor their customers. But with the market share that iOS devices have reached, that's a luxury nobody can afford anymore.

The simple truth remains that Apple products are NOT in ANY way more secure than the products of their competition. Out of the box even the opposite is quite often true (at least when we're talking about OS X compared to Linux or Windows).
 
We've been exploiting a fundamental weakness in the Keychain since 2007 and selling it to government agencies around the world. Apple is well aware of it as we met with their security team before we began selling the product and they scoffed at it. Now their government sales guys help us sell it. :D
 
This is the scary part......

Apple's known about XARA for several months, and according to the researchers who shared the vulnerability with Apple, the company does appear to have tried to fix it several times without success. Avoiding the exploit is relatively simple, as Ritchie and Arnott point out. Avoiding malicious apps can be done by downloading software only from trusted developers and avoiding anything that seems suspicious.
 
How can you say you've never had this problem with Windows? You must be joking, with Windows your information can be taken even without downloading an app, just connect it to the internet.

If you feel like a chump it's because you are buying into the hype that this is a larger issue than it really is, it's not in the wild and even if it were you'd have to do a few things before you'd be affected.
Never ever had a problem with Windows, kept everything locked down. Sorry I don't drink the Kool-Aid and just say it's hype.
 