Mac OS X Archive

OS X ransomware infected Transmission installer

On March 4, we detected that the Transmission BitTorrent client installer for OS X was infected with ransomware, just a few hours after installers were initially posted. We have named this Ransomware "KeRanger." The only previous ransomware for OS X we are aware of is FileCoder, discovered by Kaspersky Lab in 2014. As FileCoder was incomplete at the time of its discovery, we believe KeRanger is the first fully functional ransomware seen on the OS X platform.

Attackers infected two installers of Transmission version 2.90 with KeRanger on the morning of March 4. When we identified the issue, the infected DMG files were still available for downloading from the Transmission site. Transmission is an open source project. It's possible that Transmission's official website was compromised and the files were replaced by re-compiled malicious versions, but we can't confirm how this infection occurred.

Fascinating hack - they basically compromised the Transmission website to upload infected installers. And it worked, too.

Update: Apple has shut down the exploit by revoking the compromised app's certificate.

Previously downloaded OS X installers no longer work

File this one under "Obscure problems that could ruin your day." TidBITS reader Randy Singer reports that due to an expired certificate, OS X installers downloaded prior to 14 February 2016 won't work.

The Apple Worldwide Developer Relations Intermediate Certificate is required for all apps in the Mac App Store, including OS X installers. When used to sign an app, the certificate enables OS X to confirm that the app has not been corrupted or modified by an attacker. This certificate expired on 14 February 2016, causing error dialogs and preventing some apps from launching. Most apps affected have already been updated with the new certificate. But if you downloaded an OS X installer in case of trouble, you may be in for a surprise the next time you try to use it.

Take note.

13 million MacKeeper users exposed

The makers of MacKeeper - a much-maligned software utility many consider to be little more than scareware that targets Mac users - have acknowledged a breach that exposed the usernames, passwords and other information on more than 13 million customers and, er... users. Perhaps more interestingly, the guy who found and reported the breach doesn't even own a Mac, and discovered the data trove merely by browsing Shodan - a specialized search engine that looks for and indexes virtually anything that gets connected to the Internet.

The most surprising news here is that apparently at least 13 million Mac users have this piece of scamware installed. You know, it's almost as if Mac users are not the special flower children some people would like us to believe, and are just as susceptible to social engineering and lapses in judgment as anyone else.

Who knew, right?

Leaving the Mac App Store

There are a number of reasons for Sketch leaving the Mac App Store - many of which in isolation wouldn't cause us huge concern. However as with all gripes, when compounded they make it hard to justify staying: App Review continues to take at least a week, there are technical limitations imposed by the Mac App Store guidelines (sandboxing and so on) that limit some of the features we want to bring to Sketch, and upgrade pricing remains unavailable.

And this is yet another lauded developer leaving the fledgling Mac App Store behind. Tapbots' Paul Haddad is pretty on point.

Five to ten years from now, we'll all laugh about how terrible of an idea the centralised, controlled, closed application store was, and mourn the immense damage it has done to developers. A short gold rush, followed by the total destruction of the independent developer community. I hope it was worth it.

Apple user anger as Mac apps break due to certificate lapse

Mac users faced trouble with their apps overnight after the security certificate Apple uses to prevent piracy expired late on Wednesday.

Applications downloaded from the Mac App Store were temporarily unavailable from 10pm UK time, when a security certificate expired, five years after its creation, with no replacement immediately available.

Even once Apple fixed the error, issuing a new certificate for the apps (with an expiry date of April 2035, this time), users were still faced with problems. Those who could not connect to the internet couldn’t verify the new certificate, while those who had forgotten their password or couldn’t log in to iCloud for some other reason are also unable to use the downloaded apps until they can log in to the service.

My tweet from yesterday seems apt here. Unbelievably incompetent.

Review: Commander One Finder Alternative

For all of the strengths of OS X, two of the complaints recycled year after year are the aged filesystem, HFS+, with its lack of file integrity, and the file manager, the Finder. While replacing HFS+ remains out of our reach, an alternative to the Finder for day-to-day tasks has been achievable for some time. Enter "Commander One," a dual-pane file manager that seeks to fill in the holes that the Finder has famously left. Let's dig in and see what Commander One has to offer.

OS X El Capitan license: in plain English

I thought it'd be a "fun" project to see what the "El Capitan License" actually says. Cool idea, huh? Kind of like spelunking through a cave that everyone says they’ve been through, but maybe no one really has. What will I find wedged in a wall or lurking in the dark around the next turn?

These software licences are always pretty much the same - and unlike what many people assume, they're really not targeted at us, the user, but more at limiting liability for the company that writes them. Clearly, as always, Apple is no different than all the others.

El Capitan’s System Integrity Protection

With El Capitan released, there's one 'feature' that really needs to be highlighted - for better or worse.

System Integrity Protection (SIP, sometimes referred to as rootless) is a security feature of OS X El Capitan, the operating system by Apple Inc. It protects certain system processes, files and folders from being modified or tampered with by other processes even when executed by the root user or by a user with root privileges (sudo). Apple says that the root user can be a significant risk factor to the system's security, especially on systems with a single user account on which that user is also the administrator. System Integrity Protection is enabled by default, but can be disabled.

Here's Apple's WWDC presentation about SIP, and here's the Ars review's section about it.

OS X El Capitan released

All the reviews are already published, but today, Apple also actually, you know, released OS X El Capitan.

OS X El Capitan, the latest version of the Mac operating system, builds on the groundbreaking features and beautiful design introduced in OS X Yosemite, refining the experience and improving performance in lots of ways that you’ll enjoy every day.

Y'all know where to get it!

OS X 10.11 El Capitan: the Ars Technica review

Sadly no longer written by John Siracusa, but still a good read: Ars' Mac OS X El Capitan review.

Really, this is the first time in several years that iOS and OS X have felt like they've gotten (and needed) the same amount of attention from Apple - both get to spend a release in the slow lane as Apple puts its marketing muscle behind newer platforms like the Apple Watch and the new Apple TV. Like iOS 9 (and Mountain Lion, and Snow Leopard), El Capitan is about refinement. Yosemite's big statement was "This is what OS X looks like now." El Capitan's is a relatively meek "Hey, I have a couple neat tricks to show you."

Apple releases OS X 10.10.4, iOS 8.4

Speaking of Apple:

Apple today released OS X Yosemite 10.10.4, an under-the-hood update that introduces several bug fixes and performance improvements. Most notably, 10.10.4 includes the removal of the problematic Discoveryd process, which has caused multiple networking issues for some users in OS X Yosemite.

I'm curious to see if this will solve the reconnect-on-wake issues my retina MacBook Pro has. In addition, Apple also released iOS 8.4, which includes a radio station, in case you're sick of listening to the music you want without some random dude blabbering through your songs.

Mac OS X El Capitan preview

Looking across the updates in El Capitan, the story is clear: Apple is making life way better for people who live in its ecosystem. But if you don't live in Apple's garden, the benefits are less clear. Yes, it's faster and there are bugfixes all around, but to take advantage of Apple's updates you really need to use Apple's apps.

I just want El Capitan's Metal and Aero Snap. That name is horrible, though.

Apple drops discoveryd in latest OS X beta

After many complaints from the developer community about poor networking performance on Yosemite, the latest beta of OS X 10.10.4 has dropped the discoveryd in favor of the old process used by previous versions of Mac operating system. This should address many of the network stability issues introduced with Yosemite and its new networking stack.

A clearer sign that discoveryd was a mess, there is not.

iOS 9 & OS X 10.11 to bring ‘quality’ focus

For the first time in several years, Apple is changing up its annual iOS and OS X upgrade cycle by limiting new feature additions in favor of a "big focus on quality," according to multiple sources familiar with the company's operating system development plans. We first reported in February that iOS 9, codenamed "Monarch," would heavily feature under-the-hood optimizations, and we've now learned that Apple is taking the same approach with OS X 10.11, codenamed "Gala." Sources have revealed additional new details on how Apple will optimize the new operating systems for improved stability and performance, add several new security features, and make important changes to its Swift programming tools for developers.

OS X’s discoveryd clusterfuck

Regardless of the many issues people were reporting with discoveryd, Apple went ahead and released it anyway. As a result, this piece of software is responsible for a large portion of the thousand cuts. Personally, I've wasted many hours just trying to keep my devices talking to each other. Macs that used to go months between restarts were being rebooted weekly. The situation is so bad that I actually feel good when I can just kill discoveryd and toggle the network interface to get back to work.

Seems to be a huge pain point in OS X right now. I've experienced this issue once with my new retina MacBook Pro since I got it (a week ago), and it basically stops any data from being transferred to the Mac. The wireless connection remains online, but it just doesn't transfer any data. I hope Apple gets to fixing this soon.

Apple releases OS X 10.10.3 beta with new Photos application

Apple released a beta version of OS X 10.10.3 today, and it includes the first preview of its new Photos application.

Apple might have just fixed that for Mac users with the new Photos app. It's the final piece in a plan that Apple unveiled last June, and one that both fixes and unifies a patchwork system it rolled out in 2011. It's a rethink of how people manage their photo library on a Mac, something that's been iPhoto's home turf for more than a decade. Apple's discontinuing that software along with Aperture (which is aimed at pro photographers), in favor of bringing the tools people have on their iPhones and iPads to the Mac. It's also been built with Apple's iCloud in mind instead of an afterthought, which feels years overdue.

Over time, iPhoto gradually turned into an iTunes-esque behemoth of a program that couldn't handle larger amounts of photos and generally had serious performance issues. This new Photos application looks amazing, and I know many, many people who are going to love this.