Apple Addresses Gatekeeper Security Issue - Upcoming Fixes

November 16, 2020
Apple has revised its documentation to outline the measures it will take to avoid a recurrence of the Gatekeeper issue experienced last week, as noted by Rene Ritchie. The company anticipates rolling out these improvements throughout the coming year.

Last week presented challenges for Apple with the release of macOS Big Sur, a significant macOS upgrade. Following the release, the company encountered problems with its servers.

Consequently, certain third-party applications were unable to start because Macs were unable to verify the developer certificates of those apps. This Gatekeeper function is designed to protect users from malicious software disguised as legitimate applications. When a certificate is invalid, macOS blocks the application from opening.

The security feature raised privacy concerns. Specifically, questions arose about whether Apple tracks every application launched on Macs to gather data on application usage for competitive purposes.

However, these concerns were quickly addressed. It was discovered that the server does not require encrypted communication. Jacopo Jannone successfully captured an unencrypted network request, revealing that Apple is not secretly monitoring user activity. Gatekeeper operates as intended, focusing solely on security verification.

“We have not combined data from these checks with information about Apple users or their devices. We do not utilize data from these checks to determine which individual applications users are launching or running on their devices,” the company stated.

Apple is taking additional steps and is detailing its future plans. The company ceased logging IP addresses on its servers last week, as this data is not essential for Gatekeeper functionality.

“These security checks have never involved the user’s Apple ID or the identification of their device. To enhance privacy further, we have discontinued logging IP addresses linked to Developer ID certificate checks, and we will guarantee the removal of any collected IP addresses from logs,” Apple explained.

Finally, Apple is redesigning the network request process and will introduce a visible option for users to disable the feature.
