Please revoke MacUpdate's Developer ID certificate

Number:rdar://23453400 Date Originated:2015-11-07
Status:Open Resolved:
Product:OS X Product Version:N/A
Classification:Security Reproducible:Always
The once-reputable site has started trying to sneak adware onto its users' computers. More information about this is available at:

I was able to independently confirm the findings in that article. 

This seems like exactly the kind of problem Developer ID was meant to solve. If a developer is trying to trick a user into installing junk onto his or her Mac, Developer ID should stop the user from doing so.

This is the code signing information I was able to get from the installer:

$ codesign -vvv -d MacUpdate\
Format=bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=7964 flags=0x0(none) hashes=391+3 location=embedded
Hash type=sha1 size=20
Signature size=8525
Authority=Developer ID Application: Herbert Lakin (RYFK6YL6C6)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Oct 18, 2015, 10:14:14 AM
Info.plist entries=28
Sealed Resources version=2 rules=12 files=51
Internal requirements count=1 size=180


Marked as duplicate

This is currently open and marked as a duplicate of Radar 23346029.

Please note: Reports posted here will not necessarily be seen by Apple. All problems should be submitted at before they are posted here. Please only post information for Radars that you have filed yourself, and please do not include Apple confidential information in your posts. Thank you!