Filtered By: Scitech
SciTech

Mac App Store poses security risks, research shows


Visiting Apple Inc.'s Mac App Store may put users at risk of getting hacked, a computer security researcher warned. Researcher Joshua Long said that Mac users who download the Opera browser through the App Store may be getting a version lacking a critical security patch. "Users who rely on the App Store to tell them whether their software is up-to-date may not be aware of the security risks and may continue to use an unsafe version of the Opera browser," Long said in his blog. The Mac App Store is a feature added to Mac OS X v10.6 Snow Leopard and built into the upcoming v10.7 Lion operating system. Long said that Opera recently released version 11.11 of its software, which fixes a "critical" security issue, but the App Store offers version 11.01. Version 11.01 of Opera was released back in March and is vulnerable to the security bug patched in 11.11, he added. For now, he said the best solution is to go directly to Opera's website and download the latest version of the browser from there. "I have notified Apple and Opera about this issue. An Opera representative acknowledged that 'We are waiting for the App store to approve the next version of Opera for Mac. For now the only solution is to go to www.opera.com/download/,'" he said. Other outdated software Long said that Opera is not the only software in the Mac App Store that is outdated. He Amazon's Kindle app, whose latest version is 1.5.1, is still offered in the App Store as version 1.2.3, which was released in January. "Amazon does not publicly disclose its changelog, so there is no easy way to know whether any security issues exist in Kindle for Mac version 1.2.3," he said. Long also noted Apple has come under fire for taking "unreasonable" amounts of time, sometimes weeks or even months, to approve both new apps and app updates in its iOS App Store. He said it remains to be seen how quickly Apple will approve the latest Opera update in the Mac App Store. Attack on Macs Long pointed out that earlier this month, noted security researcher Brian Krebs warned about a new crimeware kit that makes it easy for criminals to hack and gain control of Mac systems. He added Mac security firm Intego and others warned about new malware spreading on the Web that falsely claimed to be Mac security software called MACDefender (or MAC Defender, and later renamed Mac Security and Mac Protector). "Although attacks against Macs may currently be less common than Windows attacks, the threat of Mac security breaches is increasing and should not be taken lightly. Regardless of which operating system you're using—even if it's a mobile platform such as iOS or Android—it's important to follow good Internet safety practices," he said. Getting the latest version Long suggested that users who download apps from the Mac App Store get the latest version by dragging the outdated app from the Mac Applications folder into the Trash. They can then drag the current version of the application, usually available from the developer's Web site, into the Applications folder. — TJD, GMA News

LOADING CONTENT