![]() ![]() Dropbox uses the system password to then drop three binary files onto the computer. Stokes said in his blog post that gaining access to the system password still shouldn't be enough to allow Dropbox to place itself in accessibility.īy late August, however, Stokes had found the answer. It advises that the system password is necessary "for Dropbox to work properly." But the mystery wasn't completely solved. Instead, Dropbox displays a custom-worded dialog box that asks for a user's system password. It advises that an app "would like to control this computer using accessibility features" and that access can be granted through the "security & privacy preferences." Apple has a standard dialog box that appears when an application wants to get added to the system preferences menu. ![]() How Dropbox gets into accessibility isn't straightforward. "Of course, that is entirely theoretical, but all security risks are - until someone exploits them." Permission Confusion "If Dropbox itself has a bug in it, it's possible that an attacker could take control of your computer by hijacking flaws in Dropbox's code," Stokes writes. Stokes couldn't figure why Dropbox kept appearing after he revoked its accessibility privileges, and he said the security implications of his inability to remove the application are serious. The app doesn't ask a user for permission to access the Mac OS X Accessibility menu. Approved applications also get access to sensitive information, such as contacts and calendars. Accessibility allows approved applications to perform actions on a user's behalf, such as clicking on menus and buttons and deleting files. Apple introduced accessibility to allow people with disabilities, such as the blind, to still be able to use applications. Here's the concern: An application inside the accessibility menu has total power over a computer. ![]() Of course, that's the kind of behavior that makes advanced users very, very nervous. And once the program is in accessibility, it can't be easily removed - or at least, if it gets removed, it keeps reappearing, Stokes said. "If Dropbox itself has a bug in it, it's possible that an attacker could take control of your computer by hijacking flaws in Dropbox's code."Īlthough Dropbox asks for permission to be added to the accessibility menu, it arguably isn't honest about the its exact motivations. Stokes, who digs deep into the workings of OS X, said he couldn't figure out why it seemed to be impossible to eliminate Dropbox from Apple's accessibility menu, which falls under the operating system's security and privacy options. The warning over the apparent liberties taken by Dropbox's software comes via Phil Stokes, a developer and freelance writer who authors the Applehelpwriter blog. See Also: OnDemand | Zero Tolerance: Controlling The Landscape Where You'll Meet Your Adversaries But that hasn't stopped some users from vowing to never to use the file-sharing application again. Dropbox officials have downplayed the finding, saying its Mac desktop app requires the modification to function correctly. Mystery: Why doesn't Dropbox want to leave Apple's accessibility menu?Ī developer's discovery of a sneaky trick used by Dropbox to gain wide-ranging access to Apple Mac OS X computers has infuriated some users, who allege the popular application is acting in a manner that's similar to malware.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |