Apple defended itself against accusations of security breaches and breaches of privacy in a new version of macOS. The controversy began due to flaws presented in the latest version of the platform, Big Sur, which created several problems for users when opening applications from other developers.
In response to the incident, security researcher Jeffry Paul published a post called “Your Computer Isn’t Yours”, accusing Apple of saving and not encrypting login information of users precisely on the feature that should protect you from malware intrusion.
But what’s the problem?
Apparently, according to Paul, the problem was with Gatekeeper, a security feature that authenticates any command to open an application in the operating system to ensure that it is safe.
The company would be sending a huge amount of information via OCSP (Online Certificate Status Protocol) in this certificate validation process – all without encryption and with an abnormal amount of data, which would mean a large-scale privacy breach, further impaired for the Big Sur failures.
The Apple side
However, not all of the researcher’s accusations seem to proceed. According to the company, the Gatekeeper does indeed share information between the users machine and its servers, but they only involve basic certification data necessary for its proper functioning.
Apple also said it will re-evaluate how the service works, encrypt the information exchanged and allow disgruntled users to disable the connection, although this is not recommended for security reasons. She also promised improvements so that overloads don’t happen again.
Other researchers, such as Jacopo Jannone, also elaborated better on the case, clearing the use of OCSP. The expert’s text (in English) provides an overview of the situation and should at least partially reassure the community.