Apple’s new Mac download store 'has serious security flaws'



Kathleen Hall

Hackers and security commentators say they have located security flaws in Apple's new Mac download store, which launched last week.

Apple blogger John Gruber said that without proper code validation, Mac App Store downloads were easily bootlegged.

"This isn't true for apps that follow Apple's advice on validating App Store receipts. But, alas, it appears that many apps don't perform any validation whatsoever, or do so incorrectly, like Angry Birds. Angry Birds checks for a valid receipt, but doesn't check to see that the bundle ID for the receipt matches its own bundle ID," he said.

Piracy group Hackulous also claimed it had developed a programme to hack the Mac store's applications.

The news follows a statement from the company claiming more than one million downloads were made in the first day of the Mac download store's launch.

"We're amazed at the incredible response the Mac App Store is getting," said Steve Jobs. "Developers have done a great job bringing apps to the store and users are loving how easy and fun the Mac App Store is."

The Mac App Store is available for Snow Leopard users through Software Update as part of Mac OS X v10.6.6.

Developers set the price for their apps and keep 70% of the sales revenue.

But Computer Weekly blogger Adrian Bridgwater said it is not easy for developers to get an app on to the store. "At this stage one imagines that there will be as many tight monitoring controls in place here as there are on Apple's mobile app portal," he added.
