Please revoke MacUpdate's Developer ID certificate

Originator: jbrayton
Number: rdar://23453400
Date Originated: 2015-11-07
Status: Open
Resolved:
Product: OS X
Product Version: N/A
Classification: Security
Reproducible: Always
 
The once-reputable macupdate.com site has started trying to sneak adware onto its users' computers. More information about this is available at:

https://blog.malwarebytes.org/news/2015/11/has-macupdate-fallen-to-the-adware-plague/

I was able to independently confirm the findings in that article. 

This seems like exactly the kind of problem Developer ID was meant to solve. If a developer is trying to trick a user into installing junk onto his or her Mac, Developer ID should stop the user from doing so.

This is the code signing information I was able to get from the installer:

$ codesign -vvv -d MacUpdate\ Installer.app/
Executable=/Users/jbrayton/Desktop/MacUpdate Installer.app/Contents/MacOS/pretransmit
Identifier=com.greasily.germule
Format=bundle with Mach-O thin (x86_64)
CodeDirectory v=20200 size=7964 flags=0x0(none) hashes=391+3 location=embedded
Hash type=sha1 size=20
CDHash=03077e331e3d6ad718653356b03e52dc0007147e
Signature size=8525
Authority=Developer ID Application: Herbert Lakin (RYFK6YL6C6)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
Timestamp=Oct 18, 2015, 10:14:14 AM
Info.plist entries=28
TeamIdentifier=RYFK6YL6C6
Sealed Resources version=2 rules=12 files=51
Internal requirements count=1 size=180
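
Added example, not part of the original report and not Apple's or MacUpdate's code: a Python parser for the codesign output quoted above that extracts the signing chain and flags an installer whose Developer ID signer does not match the vendor it is branded as. The function names, the vendor-name comparison and the local Team ID denylist are assumptions made for illustration.

```python
import re

# Subset of the `codesign -vvv -d` output quoted in the report above.
SAMPLE = """\
Executable=/Users/jbrayton/Desktop/MacUpdate Installer.app/Contents/MacOS/pretransmit
Identifier=com.greasily.germule
Format=bundle with Mach-O thin (x86_64)
Authority=Developer ID Application: Herbert Lakin (RYFK6YL6C6)
Authority=Developer ID Certification Authority
Authority=Apple Root CA
TeamIdentifier=RYFK6YL6C6
"""

# Leaf certificate common name: "Developer ID Application: <name> (<10-char team ID>)"
LEAF_RE = re.compile(r"^Developer ID Application: (?P<name>.+) \((?P<team>[A-Z0-9]{10})\)$")

def parse_codesign(text):
    """Parse key=value lines; repeated Authority= lines form the chain, leaf first."""
    info = {"Authority": []}
    for line in text.splitlines():
        key, sep, value = line.partition("=")
        if not sep:
            continue  # not a key=value line
        if key == "Authority":
            info["Authority"].append(value)
        else:
            info.setdefault(key, value)
    return info

def review(info, expected_vendor, denied_teams=frozenset()):
    """Return a list of findings; an empty list means nothing was flagged."""
    chain = info["Authority"]
    leaf = LEAF_RE.match(chain[0]) if chain else None
    if leaf is None:
        return ["not signed with a Developer ID Application certificate"]
    findings = []
    if chain[-1] != "Apple Root CA":
        findings.append("chain does not end at Apple Root CA")
    if leaf["team"] != info.get("TeamIdentifier"):
        findings.append("leaf team ID differs from TeamIdentifier field")
    if expected_vendor.lower() not in leaf["name"].lower():
        findings.append(f"signer {leaf['name']!r} is not expected vendor {expected_vendor!r}")
    if leaf["team"] in denied_teams:  # hypothetical locally maintained denylist
        findings.append(f"team {leaf['team']} is on the local denylist")
    return findings

if __name__ == "__main__":
    for finding in review(parse_codesign(SAMPLE), "MacUpdate", {"RYFK6YL6C6"}):
        print(finding)
```

codesign writes its -d output to stderr, so capture it with 2>&1 before passing it to the parser.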

Comments

Marked as duplicate

This is currently open and marked as a duplicate of Radar 23346029.

