Slashdot Mirror


Mac App Store Apps 'Damaged' Following Security Certificate Bug (thestack.com)

An anonymous reader writes: A slew of complaints are emerging against Apple after users were forced to delete and re-install Mac App Store apps in the wake of a major security management error. The problem manifested with the apparent expiry of security certificates which validated the apps, but even after the certificates were updated yesterday to expire in 2035, the problems were not resolved; some users were unable to verify the new certificates, and others could not even connect to the internet. In some cases the programs had to be reinstalled from scratch, deleting the user's existing settings.

8 of 66 comments

  1. It's not Apple's fault! by Anonymous Coward · · Score: 3, Funny

    You're using the store wrong..

  2. Re: Apple "security" in action. by Anonymous Coward · · Score: 3, Funny

    I'll bet the 8 people using GNU/HURD are really grateful they don't have to contend with this drama.

  3. Annoying lack of communication from Apple by hackertourist · · Score: 3, Interesting

    I noticed something odd was going on when yesterday morning my OS wanted me to sign into the App Store to 'validate' a program I purchased recently.

    Now I have to read about the cause on a news website instead of hearing directly from Apple (you know, the people who already have my email address along with those of all their customers).

  4. Re: Apple "security" in action. by arglebargle_xiv · · Score: 4, Funny

    Oh come on now, you're exaggerating things just a bit there.

    There can't be more than three people using HURD. Four, tops.

  5. So much bullshit in this summary by BitZtream · · Score: 5, Informative

    Let's start with user settings. User settings are neither stored with the app nor digitally signed or encrypted. They are buried in a semi-hidden folder that resides in the user's home directory. Deleting an app doesn't delete your settings. It can't. Intentionally.

    You can't really 'update' a cert once it's been used, so if something expired all apps with that cert in their chain of trust would need to be re-signed to validate them. There is no way to magically make apps signed with the old cert work with a new one. That would be a massive hole in the entire PKI process.

    I'm not saying something didn't break, but the summary is 100% factually incorrect.

    --
    Persistent Volume manager for Kubernetes - https://github.com/dwimsey/openshift-pvmanager

  6. Re:Welcome to the world of the future. by supercrisp · · Score: 4, Interesting

    I don't think it's just protecting against idiot users. It's also about shoving us into the "cloud" where we can be somehow monetized, either by network access, storage volume, or information collection. Why else would iPhoto drop local networking except to put your photos in Apple's servers? Or Android Marshmallow require you to allow MTP every time you hook up a USB cable except to make noncloud file exchange a little bit more of a PITA? Sure there's "curation" at the Apple Store, but there's also control, information gathering, the possibility of ad revenue and so on. I guess I sound cynical, but I'm not sure you can actually be cynical enough about all this.

  7. Wasted a lot of my time by daq man · · Score: 3, Insightful

    So, the thing that got hit for me was 1Password. So I couldn't log into websites because 1Password wouldn't run. Fortunately I could use the synced copy on my phone and type in the passwords by hand but the whole reason for using a password manager is so that I can use passwords that are long sequences of random characters which are no fun to type by hand! I found that it was an App store problem from the Mac Rumors website. Running the App caused a box to pop up saying the App was corrupted, to delete it and re-install. So I followed the instructions and, guess what? I couldn't re-download from the App store!

    This whole idea of having software that quits working based on some random policy is useless. I want software that I buy and is there when I need it. Not checking if some certificate has expired or that I paid a subscription or some other BS.

    I've been using Macs since 1985, yes I use Windows and Linux too but Macs were always what I used at home because I could write a file five or ten years ago and still open it. That's fading away. Notice I wrote "what I used at home", I'm shopping around.

  8. Let's score this by Maury Markowitz · · Score: 4, Informative

    "some users were unable to verify the new certificates, and others could not even connect to the internet. In some cases the programs had to be reinstalled from scratch, deleting the user's existing settings."

    Ok, let's look at this...

    1) some users were unable to verify the new certificates

    Sure, I buy that.

    2) others could not even connect to the internet

    I call BS, App certs do not have any use whatsoever in the TCP stack. I'm sure people had problems, but it wasn't due to this.

    3) the programs had to be reinstalled from scratch, deleting the user's existing settings

    I call BS on that too. The app settings are in a text file in the user directories, you can go and open them in your favorite text editor right now. Re-installing an app does not overwrite these settings, which is *the whole reason* they're done this way. It is possible that app did that, but that's a bug in the app and has nothing to do with certs.

    Crappy reportage.