by esusatyo 3963 days ago
Isn't this the time when the Mac App Store is supposed to shine? When they found something that's dodgy and linked to a company that has apps on App Store, can't they just turn on the kill switch? That way the malware won't have anywhere to direct the users to.

It's not clear whether this "adware installer" is signed by a developer cert. I'm gonna guess it isn't, which means under the default settings, if a user double-clicks it to execute it, they'll be presented with a message saying that the app can't be run because it's "from an unknown developer" and the current settings disallow it. The user can get around that by right-clicking it and choosing "Open" (or switching Gatekeeper to be more relaxed), but the error message doesn't allude to this.

Edit: And if it is signed: yes, I believe Apple could and presumably would push out a malware update that would invalidate the cert.

One could easily make an "app" which just runs a shell script with this exploit - no code signing needed.

And users attempting to run it would encounter the things I mentioned above, so I'm not sure what you're getting at.

I'm getting at the fact that a shell script with this exploit can be made to look like an "app" and be "double-clickable", and doesn't require any code signing.

Gatekeeper also watches over shell scripts, so when you double-click the shell script it will tell you that you can't open it because it is from an unidentified developer.

You're thinking of quarantine. You'll get a warning saying the script was downloaded from the Internet, asking if you're sure you want to open it. Again, nothing to do with code signing.

Anything with a .app wrapper needs to be signed. It doesn't matter if the main exe is a binary or a script.

> When they found something that's dodgy and linked to a company that has apps on App Store, can't they just turn on the kill switch? That way the malware won't have anywhere to direct the users to.

If Apple did this you could take down any app from the App Store by writing some malware and making it "advertise" the App Store listing.