Skip to content
Thoughtful, detailed coverage of everything Apple for 28 years
and the TidBITS Content Network for Apple professionals

Search results for “Gatekeeper”

Josh Centers 5 comments

Mysterious DNS Hijacking Malware Targets Mac Users

A new piece of Mac malware is making the rounds. OSX/MaMi hijacks macOS’s DNS settings to intercept traffic by routing it through malicious servers. Additional capabilities, which didn’t seem to be active in the version that researcher Patrick Wardle analyzed, including taking screenshots, generating simulated mouse events, persisting as a launch item, downloading and uploading files, and executing commands. The motive, author, and how OSX/MaMi is spread are currently unknown, and when the Hacker News article was published, antivirus apps weren’t able to detect it. To see if you’re infected, check your DNS settings in System Preferences > Network, and look for the DNS servers 82.163.143.135 and 82.163.142.137. But unless you did something to bypass macOS’s Gatekeeper security, you likely have nothing to worry about since the malware’s executable isn’t signed by Apple.

Adam Engst 16 comments

Desktop, Screensaver, and Browser Tab Eye Candy for Your Mac

Apple provides some fantastic images for use as Desktop backgrounds and screensavers, but if you like seeing pretty pictures regularly, you’ll get bored with Apple’s tiny collection. Happily, Mac developers have tapped massive Internet photo sites to give you an inexhaustible set of beautiful photos to dress up your Desktop, screensaver, and browser windows.

Josh Centers No comments

Beware the EasyDoc Mac Malware

Bitdefender Labs has issued a warning about an app called EasyDoc Converter, saying that it’s dangerous malware that could give an attacker complete control of your Mac. EasyDoc Converter was available at the reputable MacUpdate Web site, and testers at Tom’s Guide were able to install it despite Gatekeeper being set to allow apps only from the “Mac App Store and identified developers.” Interestingly, the malware will not install if you have Objective Development Software’s Little Snitch network-monitoring utility installed. Read this as yet another reminder to be extra careful about what you install on your Mac — stick to software from reputable developers.

Josh Centers 18 comments

tvOS at 6 Months: Where Are the Apps?

Six months in, the tvOS ecosystem feels a bit empty. “Take Control of Apple TV” author Josh Centers investigates to find out why.

Adam Engst 23 comments

Make Sure You’re Getting OS X Security Data

There’s a poorly worded checkbox buried in the App Store pane of System Preferences that, if you misinterpret the interface, can result in your Mac failing to download critical anti-malware data. Adam Engst unwittingly had it set wrong, and if you do too, read on to learn how to get it right.

Josh Centers No comments

Apple Blocks First Mac Ransomware Attack in Hacked Transmission App

Version 2.90 of the Transmission BitTorrent client came with an unwanted feature: the KeRanger ransomware, which may be the first bona fide ransomware for the Mac. Three days after being installed, KeRanger begins encrypting files, and affected users must pay a ransom of 1 Bitcoin (about $400) to get their files back. Thankfully, Apple and the Transmission developers worked quickly to mitigate the attack. Apple revoked the stolen certificate used by KeRanger, so it will no longer work on Macs protected by Gatekeeper, and the Transmission Project has updated Transmission to 2.92, which automatically removes KeRanger if it’s present. If you have Transmission installed, update it immediately, and if you’ve turned off Gatekeeper for any reason, turn it back on by going to System Preferences > Security & Privacy and selecting Mac App Store and Identified Developers under Allow Apps Downloaded From. And keep good backups!

Josh Centers 10 comments

Sparkle Vulnerability Real, but Exploits Highly Unlikely

A vulnerability associated with the Sparkle software updater opens many popular apps open to attack. Josh Centers explains who’s at risk and what to do about it.

Josh Centers 6 comments

OS X Hidden Treasures: Services

It’s not new, and Apple doesn’t show it much love, but the ubiquitous Services menu can be a productivity powerhouse. Josh Centers explains how to use it and even how to make your own services.

Rich Mogull Adam Engst 14 comments

XcodeGhost Exploits the Security Economics of Apple’s Ecosystem

XcodeGhost is a new piece of malware that uses modified versions of Xcode to insert malicious code into popular iOS apps. This appears to affect only Chinese apps, because bandwidth limitations in China are what prompted developers to download modified copies of Xcode from unofficial sources, rather than going straight to Apple.

Adam Engst 14 comments

Make Site-Specific Browsers with Google Chrome

Want to open your favorite Web apps faster? Adam Engst shares the best way to turn a Web app into a native Mac app via a hidden feature in Google Chrome.

Joe Kissell No comments

Take Control of Security for Mac Users, Chapter 4: Beef Up Your Security Settings

In this chapter we continue by looking at some security settings that require a bit more explanation and thought. That includes a discussion of OS X’s Gatekeeper and sandboxing security features, some basics for using user accounts more securely, and a couple of quick suggestions about sharing files, your screen, and other resources.

Adam Engst No comments

Chapter 4 of “Take Control of Security for Mac Users” Available

In this week’s chapter of the streamed “Take Control of Security for Mac Users,” Joe Kissell explains how to use OS X’s Gatekeeper technology to protect yourself from malicious apps, helps you set up user accounts for optimal security, and looks at how to share resources on your Mac securely.

Rich Mogull 6 comments

You Are Apple’s Greatest Security Challenge

As the recent celebrity photo thefts showed, Apple now faces cloud security challenges that few other companies — even international banks — have had to address so far.

Adam Engst No comments

Chapter 11 of “Take Control of OS X Server” Now Available

If you’ve wanted to run a wiki or a blog using OS X Server, you don’t need to enable the Web service and install complex software. Instead, read this latest chapter of “Take Control of OS X Server,” where Charles Edge explains how to create and run your own wikis and associated blogs.

Agen Schmitz No comments

Fission 2.2.2

Maintenance update for the popular audio editor. ($32 new, free update, 14.5 MB)