• Your favorite

    Apple

    ,

    iPhone

    ,

    iPad

    ,

    iOS

    ,
    Jailbreak
    , and
    Cydia
    site.
  • Apple's Gatekeeper App Signing Changes Reportedly Made Due to a Security Breach


    A recent report suggests that Apple’s modified OS X app signing policy was changed because of a Developer Portal security breach which leaked keys for multiple services. Twitter user SomeoneSW, claims to have inside knowledge of the data breach which supposedly released “virtually every key Apple used for anything” including Gatekeeper. Although the source doesn’t seem to be credible, Apple hasn’t made any comments on the issue as of yet potentially verifying the validity of the source’s claims.

    According to the folks over at TUAW, among the services that were breached was Apple’s Enterprise Signing Key service. For those of you who didn’t know, Apple’s Enterprise Signing Key is used to sign activation tickets for bypassing iCloud locks. The key was previously used in an iCloud exploit that supposedly allowed hackers to defeat Activation Lock.

    Gatekeeper, which was another one of the services breached, has been reportedly modified as a result of the breach. It’s a security tool which Apple introduced with OS X 10.8 Mountain Lion, one that supposedly used to protect users from harmful software by placing restrictions on the installation of harmful apps/programs. Previously, Gatekeeper allowed the installation of apps in the Mac App Store that have been signed by developers who are registered through Apple’s Developer ID Program. With the recent events, Apple is likely to change the way apps are recognized by Gatekeeper in future iterations of the Mac software. We’ll have to see what additional information is released regarding the matter by being patient.

    Source: TUAW, SomeoneSW (Twitter)
    This article was originally published in forum thread: Apple's Gatekeeper App Signing Changes Reportedly Made Due to a Security Breach started by Akshay Masand View original post
    Comments 1 Comment
    1. qumahlin's Avatar
      qumahlin -
      "Apple hasn’t made any comments on the issue as of yet potentially verifying the validity of the source’s claims."

      No. I'm really sick of "journalists" who claim that silence on a topic somehow means validation. This is the epitome of an adult thinking the childish game of "i'm gonna guess who it is and if you don't say anything I know i'm right" works in the real world on people with an IQ higher than 80. This does not in any way "potentially verify" the sources claims.

      Apple, like many large companies, doesn't comment or respond to every single allegation be it about a security breach, staffing changes, product launches, etc. Especially in the case of a security breach.