Potential Mac privacy concerns after a server outage


When Apple publicly launched its new macOS Big Sur operating system yesterday, a serious server outage led to massive download and install failures, took down iMessage and Apple Pay, and also caused performance issues for users running macOS Catalina. We learned why this happened at a high level yesterday; now security researcher Jeffrey Paul has shared his insights and dives into his security concerns, especially around Apple Silicon.

Update: Apple has shared an answer to Paul’s concerns in an updated support document that details what macOS does to protect your privacy and security, along with three new steps it will take for greater privacy and flexibility in the future.


Update 11/16 8:25 pm PT: Apple today updated its Mac security and privacy support document with details about the Gatekeeper and OCSP process. Importantly, Apple highlights that it does not combine data from the process of checking apps for malware with any information about Apple users, and does not use the app notarization process to find out what apps users are running.

The company also notes that a user’s Apple ID and device identity have never been part of these security checks.

But over the next year, Apple will make some changes to provide more privacy and flexibility for the Mac. The first is that it will stop logging IP addresses during its certificate checks.

Second, it is putting new protections in place to prevent server failure issues. And finally, in light of the significant concerns raised by Jeffrey Paul, Apple will release an update that lets users opt out of these macOS security protections.

Privacy protection

macOS is designed to protect users and their data while respecting their privacy.
Gatekeeper performs online checks to verify whether an app contains known malware and whether the developer’s signing certificate has been revoked. We have never combined data from these checks with information about Apple users or their devices. We do not use data from these checks to learn what individual users are launching or running on their devices.

Notarization checks whether the app contains known malware using an encrypted connection that is resilient to server failures.

These security checks have never included the user’s Apple ID or the identity of their device. To further protect privacy, we have stopped logging IP addresses associated with Developer ID certificate checks, and we will ensure that any collected IP addresses are removed from logs.

In addition, next year we will introduce several changes to our security check:

* A new encrypted protocol for Developer ID certificate revocation checks
* Strong protections against server failure
* A new option for users to opt out of these security protections

We’ve also learned more technical details from Apple about how all of this works, and they line up with what independent security researcher Jacopo Jannone previously shared.

The macOS OCSP process is an important security measure that prevents malicious software from running on the Mac. It checks whether the Developer ID certificate used to sign the app has been revoked, for example because the software was tampered with or because the certificate was used to sign malware.

The Online Certificate Status Protocol (OCSP) is used industry-wide, and the reason it runs over unencrypted HTTP connections is that it is used to check more than just software certificates, including the certificates that encrypt web connections. If HTTPS were used, it would create an infinite loop. Jannone explained: “If you used HTTPS to check a certificate with OCSP, you would also have to check the certificate of the HTTPS connection using OCSP. This means another HTTPS connection would be opened.”

The two notable points here are that this is the industry standard, so it is not unusual for macOS to use unencrypted requests, and that Apple is investing in its commitment to security and privacy by creating a new, encrypted protocol on top of OCSP.
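As an added illustration that is not part of the original article (and not Apple’s or Jeffrey Paul’s code), the following Python builds and decodes the CertID of a minimal OCSP request as defined in RFC 6960, to show what a passive observer of a plaintext OCSP check can read: hashes of the issuing CA’s name and key plus the serial number of the developer’s signing certificate. The issuer name, issuer key and serial number are constructed placeholders, not Apple’s real values.

```python
# Added example (not code from 9to5Mac, Apple or Jeffrey Paul): a minimal DER
# encoder/decoder for the CertID inside an OCSP request (RFC 6960), showing what
# an on-path observer of a plaintext HTTP OCSP check actually sees. The issuer
# name, issuer key and serial number used here are constructed placeholders.
import hashlib
SHA1_ALG_ID = bytes.fromhex("300906052b0e03021a0500")  # AlgorithmIdentifier {sha1, NULL}

def der(tag: int, body: bytes) -> bytes:
    """Encode one DER TLV (short or long definite-length form)."""
    n = len(body)
    if n < 0x80:
        return bytes([tag, n]) + body
    ln = n.to_bytes((n.bit_length() + 7) // 8, "big")
    return bytes([tag, 0x80 | len(ln)]) + ln + body

def build_ocsp_request(issuer_name_der: bytes, issuer_spki_der: bytes, serial: int) -> bytes:
    """OCSPRequest > TBSRequest > requestList > Request > CertID (unsigned, no extensions)."""
    cert_id = der(0x30, SHA1_ALG_ID
                  + der(0x04, hashlib.sha1(issuer_name_der).digest())  # issuerNameHash
                  + der(0x04, hashlib.sha1(issuer_spki_der).digest())  # issuerKeyHash
                  + der(0x02, serial.to_bytes((serial.bit_length() + 8) // 8, "big")))
    return der(0x30, der(0x30, der(0x30, der(0x30, cert_id))))

def read_tlv(buf: bytes, pos: int):
    """Return (tag, value, position after the TLV) for the TLV starting at pos."""
    tag, ln = buf[pos], buf[pos + 1]
    pos += 2
    if ln & 0x80:  # long form: the next (ln & 0x7F) bytes hold the length
        k = ln & 0x7F
        ln, pos = int.from_bytes(buf[pos:pos + k], "big"), pos + k
    return tag, buf[pos:pos + ln], pos + ln

def observer_view(req: bytes) -> dict:
    """Fields readable from the cleartext request: CA hashes and the signing cert serial."""
    node = req
    for _ in range(5):  # unwrap OCSPRequest, TBSRequest, requestList, Request, CertID
        _, node, _ = read_tlv(node, 0)
    fields, pos = [], 0
    while pos < len(node):
        _, val, pos = read_tlv(node, pos)
        fields.append(val)
    _alg, name_hash, key_hash, serial = fields  # no hash of the launched app is present
    return {"issuerNameHash": name_hash.hex(), "issuerKeyHash": key_hash.hex(),
            "serialNumber": int.from_bytes(serial, "big")}

def matches_issuer(view: dict, issuer_name_der: bytes, issuer_spki_der: bytes) -> bool:
    """True when the observed hashes match a candidate CA (e.g. a Developer ID CA)."""
    return (view["issuerNameHash"] == hashlib.sha1(issuer_name_der).hexdigest()
            and view["issuerKeyHash"] == hashlib.sha1(issuer_spki_der).hexdigest())
```

Because the serial number is per signing certificate rather than per app, an observer learns which developer’s software was launched and when, which is the distinction Jannone draws below.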

In addition to the OCSP process currently used by Apple, there is a second process on macOS Catalina and later, where all apps are notarized by Apple after being checked for malware. When launching an app, macOS performs a second check against that notarization to make sure the app has not been tampered with. This process is encrypted, is generally not affected by server issues, and was not actually affected by the OCSP issue.

As for the performance issues on macOS Catalina and earlier that we covered during Apple’s server problems last week, they were caused by server-side misconfigurations that were exacerbated by unrelated CDN misconfigurations.

Between an explanation of how everything works and a commitment to the future changes described above, Apple shows that it is listening to users and putting privacy and security first.

Update 11/15 9:00 am PT: More details about Apple’s use of OCSP have been shared by cybersecurity researcher Jacopo Jannone. He says macOS does not send Apple a hash of every app when it runs, and explains why OCSP, an industry standard, is not encrypted. He also says that Paul’s analysis is “absolutely inaccurate” and that the important point is that Apple uses this process to prevent malware from running on your device. Read more about Jannone’s findings here.


Original post: Shortly after the official launch of macOS Big Sur for all users, we began to see extremely slow download times, reports of download failures, and, in cases where downloads went through, a late bug that prevented installation.

At the same time, we saw Apple’s developer website go down, followed by outages for iMessage, Apple Maps, Apple Pay, Apple Card and some developer services. Then there was a flood of reports of third-party apps on Macs running macOS Catalina and earlier failing to launch, hanging, or otherwise performing sluggishly.

Developer Jeff Johnson was one of the first to point out what was going on: an issue with macOS connecting to the OCSP server. Then the developers at Panic described in detail how Apple’s Gatekeeper feature validates apps.

Now security researcher and hacker Jeffrey Paul has looked at what happened and published an in-depth post on his related privacy and security concerns, “Your Computer Isn’t Yours.”

On modern versions of macOS, you simply can’t power on your computer, launch a text editor or ebook reader, and write or read, without a log of your activity being broadcast and archived.

It turns out that in the current version of macOS, the OS sends Apple a hash (unique identifier) of every program you run, when you run it. A lot of people don’t realize this, because it’s silent and invisible and it fails instantly and gracefully when you’re offline, but today the server got really slow and it didn’t hit the fail-fast code path, and everyone’s apps failed to open if they were connected to the internet.

From there, Paul goes on to explain what Apple sees:

Because it does this using the internet, the server sees your IP, of course, and knows what time the request came in. The IP address allows for coarse, city-level and ISP-level geolocation, and allows for a table that has the following headings:

Date, Time, Computer, ISP, City, State, Application Hash

This means that Apple knows when you’re at home. When you’re at work. What apps you open there, and how often. They know when you open Premiere over at a friend’s house on their Wi-Fi, and they know when you open Tor Browser in a hotel on a trip to another city.

Paul continues by addressing the question many readers may ask: “Who cares?” He responds by explaining that OCSP requests are unencrypted and that it is not just Apple that has access to the data:

1. These OCSP requests are transmitted unencrypted. Everyone who can see the network can see these, including your ISP and anyone who has tapped their cables.

2. These requests go to a third-party CDN run by another company, Akamai.

3. Since October 2012, Apple has been a partner in the US military intelligence community’s PRISM spying program, which grants US federal police and military unfettered access to this data without a warrant, at any time they ask for it. They did this more than 18,000 times in the first half of 2019, and 17,500+ more times in the second half of 2019.

This data amounts to a tremendous trove of data about your life and habits, and allows someone possessing all of it to identify your movement and activity patterns. For some people, this can even pose a physical danger.

Paul mentions some workarounds to prevent this tracking, but highlights that they no longer work with macOS Big Sur.

Now, it’s been possible to block this sort of thing on your Mac using Little Snitch (really, the only thing keeping me on macOS at this point). In the default configuration, it blanket-allows all of this computer-to-Apple communication, but you can disable those default rules and go on to approve or deny each of these connections, and your computer will continue to work fine without snitching on you to Apple.

The version of macOS that was released today, 11.0, also known as Big Sur, has new APIs that prevent Little Snitch from working the same way. The new APIs don’t permit Little Snitch to inspect or block any OS-level processes. Additionally, the new rules in macOS 11 also hobble VPNs so that Apple apps will simply bypass them.

@patrickwardle tells us that trustd, the daemon responsible for these requests, is on the new ContentFilterExclusionList in macOS 11, which means it can’t be blocked by any user-controlled firewall or VPN. His screenshot also shows that CommCenter (used for making phone calls from your Mac) and Maps will likewise pass through your firewall/VPN, potentially compromising your voice traffic and future/planned location information.

Paul highlights that Apple’s new M1-powered Macs won’t run anything older than macOS Big Sur, and says the choice is:

You can have a fast and efficient machine, or you can have a private one. (Apple mobile devices have already been this way for several years.) Short of using an external network filtering device such as a travel/VPN router that you can totally control, there will be no way to boot any OS on the new Apple Silicon Macs that won’t phone home, and you can’t modify the OS to prevent this (or they won’t boot at all, due to hardware-based cryptographic protections).

He updated the post to share that there may be a workaround via the bputil tool, but it will need to be tested to confirm.

In closing, Paul says, “Your computer now serves a remote master, who has decided that they are entitled to spy on you.”

Apple counts privacy and security among its core beliefs, so we’ll have to wait and see what the company has to say about Paul’s concerns. We’ve reached out to Apple for comment and will update this post with any response.

You can find the full article by Jeffrey Paul here.
