Blog | G5 Cyber Security

Insecure Apple Authorization API Still Used

A security issue with MacOS installers could, if abused, allow local attackers to install their own files. Patrick Wardle, the chief security researcher at Synack, gave a presentation at last months DEF CON. Wardle found that the installers for Slack, Google Chrome, Dropcam and various security software programs, as well as the open source update library Sparkle, all used the deprecated version during their updates. Developers told Threatpost that they did not consider the newer release to be a good replacement for the older, less secure one.”]

Source: https://securityintelligence.com/news/insecure-apple-authorization-api-still-used/

Exit mobile version