
Drag and Drop

This is unfortunate for business, and a worrying attack vector. The Mac App Store was easily bypassed and cracked by this simple drag-and-drop process. Evidently, you’ll find it ‘Installed’ when you open the app.

Please be reminded that ‘deceptive packaging’ takes advantage of legitimate software and application packaging to obscure the possible execution of malicious code, and this gives an attacker a good opportunity.

  1. January 7, 2011 at 2:49 pm

    Hi Meths,

    This appears to be a failing on the part of the third-party developer, rather than the DRM platform – Apple’s documentation on the DRM protection specifically describes ensuring that the receipt you’re reading is for your own application, and it’s definitely supported by the technology – I’ve tested with client apps I’ve implemented receipt validation for. I wrote more about the receipt validation process here: http://blog.securemacprogramming.com/2011/01/on-the-broken-mac-app-store/

    • January 8, 2011 at 6:01 am

      Hi Graham, yes, in this case the app is not validating the receipts properly. Your article provides a clear explanation, thanks for sharing!

  2. Carmel McFayden
    January 14, 2011 at 5:19 pm

    How can I uninstall StarfieldInstall? I keep being asked for my password for it to install.
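
The check discussed in the first comment above, that the receipt is for your own application, can be sketched as follows. This is an added example, not code from the post, the commenters or Apple: it assumes the receipt's PKCS#7 signature has already been verified and its ASN.1 payload extracted, it uses attribute type 2 (the bundle identifier in Apple's receipt format), and the bundle IDs and both sample payloads are constructed for illustration.

```c
#include <string.h>

typedef unsigned char u8;
/* Hypothetical ID, compiled in: Info.plist inside the bundle is editable. */
#define EXPECTED_BUNDLE_ID "com.example.paidapp"

/* Constructed payloads: SET { SEQUENCE { type 2, version 1, OCTET STRING { UTF8String } } } */
static const u8 OWN_RECEIPT[] =
    "\x31\x1f\x30\x1d\x02\x01\x02\x02\x01\x01\x04\x15\x0c\x13" "com.example.paidapp";
static const u8 FOREIGN_RECEIPT[] =
    "\x31\x20\x30\x1e\x02\x01\x02\x02\x01\x01\x04\x16\x0c\x14" "com.example.otherapp";

/* Read one DER element with the given tag (lengths up to 2 bytes long-form).
   Returns its value and advances *p past it; NULL on any malformed input. */
static const u8 *tlv(const u8 **p, const u8 *end, u8 tag, size_t *len) {
    const u8 *c = *p;
    if (end - c < 2 || c[0] != tag) return NULL;
    size_t n = c[1];
    c += 2;
    if (n & 0x80) {
        size_t k = n & 0x7f;
        if (k == 0 || k > 2 || (size_t)(end - c) < k) return NULL;
        for (n = 0; k > 0; k--) n = (n << 8) | *c++;
    }
    if ((size_t)(end - c) < n) return NULL;
    *len = n;
    *p = c + n;
    return c;
}

/* 1 only if attribute type 2 (bundle identifier) equals EXPECTED_BUNDLE_ID. */
int receipt_is_for_this_app(const u8 *der, size_t der_len) {
    const u8 *p = der, *q, *set_end;
    size_t n, tl, vl, ol, ul;
    if (!(q = tlv(&p, der + der_len, 0x31, &n))) return 0;
    for (set_end = q + n; q < set_end; ) {
        const u8 *a = tlv(&q, set_end, 0x30, &n);
        if (!a) return 0;
        const u8 *seq_end = a + n;
        const u8 *type = tlv(&a, seq_end, 0x02, &tl);
        const u8 *ver = type ? tlv(&a, seq_end, 0x02, &vl) : NULL;
        const u8 *oct = ver ? tlv(&a, seq_end, 0x04, &ol) : NULL;
        if (!oct) return 0;
        if (tl != 1 || type[0] != 2) continue;   /* some other attribute */
        const u8 *s = tlv(&oct, oct + ol, 0x0c, &ul);
        return s && ul == strlen(EXPECTED_BUNDLE_ID) && !memcmp(s, EXPECTED_BUNDLE_ID, ul);
    }
    return 0;
}
```

A receipt issued for a different application, a truncated payload, or a payload with no bundle identifier attribute all return 0, so the app treats the receipt as invalid.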
