Developer Portal Breach May have Forced Apple’s Gatekeeper Changes

| News

Changes to the Gatekeeper feature in OS X Mavericks designed to help protect users from malware and may be the result of a security breach Apple experienced through its Developer Portal. Developers first saw the change in the beta version of OS X 10.9.5, and if they haven't updated the digital signatures in their apps, end users will start seeing warnings saying those apps may not be trustworthy.

A Developer Portal security breach may be behind Apple's Gatekeeper changesA Developer Portal security breach may be behind Apple's Gatekeeper changes

Word that Apple made the change because of the Developer Portal security breach surfaced on Twitter when @SomebodySW said, "The keys used for Gatekeeper were stolen in that Developer Portal breach a while back," and added that keys for "many other things" were taken, too.

The Developer Portal was shut down for several days a few months ago after attackers managed to hack into the system. The shut down was a major inconvenience for app coders, but Apple felt the move was necessary to prevent further breaches while security updates were put in place.

One anonymous Twitter user's comments aren't enough to definitively show that Apple made the changes in direct response to the security breach, @SomebodySW said they approached by the people who performed the breach with an offer to sell the keys.

The Mac Observer has contacted Apple and will report back with the company's response.

[Thanks to TUAW for the heads up]

The Mac Observer Spin The Mac Observer Spin is how we show you what our authors think about a news story at quick glance. Read More →

Protecting users and developers from security risks is a hard job, and it isn't any secret that Apple's Developer Portal fell victim to attackers. It's possible the information the attackers made off with forced the company to change how Gatekeeper works to prevent similar attacks in the future.

Popular TMO Stories

No Comments

Log in to comment (TMO, Twitter or Facebook) or Register for a TMO account