Q1 in what universe can an app install a persistent web server that re-installs other code without user consent? This should be unthinkable, full stop (period, for our US friends).
Q2 what OTHER code can be installed that lies in wait, unchallenged by macOS, for the opportunity to install more INTERESTING code?
This is as big an issue as the passwordless root access Apple perpetrated on the entire Mac community for 12 months. What has Apple done to ensure every Mac on the planet does not have “rootkit” (NSA or otherwise) malware on it? We’re totally effed by this unforgivable “oops”. No amount of talk about security and privacy will ever fix this.
Zoom opened our eyes to the simplest vulnerability and macOS is revealed as wide open – yet AGAIN!
Who’s in charge of security at Apple? And why have they not been publicly burned at a stake to show some amount of contrition? This makes Flash look secure. Seriously. Is Kevin Lynch working at Apple or something?
And where’s Kheit when you need him?
macOS has always stored receipts for packages you install, in the form of BOM (bill of materials) files. They used to all go into /Library/Receipts (and its ~ and /System counterparts), but since El Capitan, most are now found in /private/var/db/receipts.
You’ll also find InstallHistory.plist in /Library/Receipts, which lists every package you (or the system — it includes things like Gatekeeper and XProtect updates) have ever installed on a machine, in chronological order.
You can either use the ‘lsbom’ command in the terminal to show the contents of BOM files, or open them in an app like Pacifist for a more visual representation.
Many uninstaller apps will use an app’s BOM file as the main source of files to delete, and will also delete the BOM itself afterwards. Of course, the BOM only lists files created at install time — any app can create more files at runtime, or indeed dynamically at install time via scripts, that may be hard to find and remove later if they’re not in one of the standard locations. Although these days, thanks to sandboxing and SIP, there are a lot fewer weird and wonderful places that apps are allowed to put such files than there used to be.
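An added example, not part of the comment above and not Apple's code: a small Python audit that reads InstallHistory.plist, lists non-Apple packages in chronological order, and checks whether each one still has a BOM receipt for lsbom to read. The sample data is constructed, and the plist keys and the `<package id>.bom` naming in the receipts folder are assumptions about the usual layout.

```python
import plistlib
from pathlib import Path

# Constructed sample in the layout InstallHistory.plist commonly uses
# (assumed keys: date, displayName, packageIdentifiers, processName).
SAMPLE = b"""<?xml version="1.0" encoding="UTF-8"?>
<plist version="1.0"><array>
<dict><key>date</key><date>2019-07-01T09:00:00Z</date>
<key>displayName</key><string>Example Conferencing</string>
<key>packageIdentifiers</key><array><string>com.example.conf.pkg</string></array>
<key>processName</key><string>Installer</string></dict>
<dict><key>date</key><date>2019-06-20T03:10:00Z</date>
<key>displayName</key><string>XProtectPlistConfigData</string>
<key>packageIdentifiers</key><array><string>com.apple.pkg.XProtectPlistConfigData</string></array>
<key>processName</key><string>softwareupdated</string></dict>
<dict><key>date</key><date>2019-07-05T12:30:00Z</date>
<key>displayName</key><string>Example Editor</string>
<key>packageIdentifiers</key><array><string>org.example.editor</string></array>
<key>processName</key><string>installer</string></dict>
</array></plist>"""


def audit(history_bytes, receipts_dir):
    """Return non-Apple installs, oldest first, with receipt status per package id."""
    entries = sorted(plistlib.loads(history_bytes), key=lambda e: e["date"])
    report = []
    for e in entries:
        for pkg in e.get("packageIdentifiers", []):
            if pkg.startswith("com.apple."):
                continue  # system updates (Gatekeeper, XProtect, ...)
            bom = Path(receipts_dir) / f"{pkg}.bom"
            report.append({
                "date": e["date"].date().isoformat(),
                "name": e.get("displayName", "?"),
                "installed_by": e.get("processName", "?"),
                "package": pkg,
                # No BOM left: lsbom cannot list the install-time files any more,
                # so anything left behind has to be hunted for by hand.
                "bom_present": bom.is_file(),
            })
    return report


if __name__ == "__main__":
    history = Path("/Library/Receipts/InstallHistory.plist")
    data = history.read_bytes() if history.exists() else SAMPLE
    for row in audit(data, "/private/var/db/receipts"):
        print(row)
```

A history entry with no matching BOM usually means an uninstaller removed the receipt, which is the case where runtime-created files are hardest to track down.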