Category Archives: iTunes
Spoofing or phishing – presenting a user with fake authentication requests – is a common email tactic, but it’s not the only vector where you need to be on your guard. Every version of macOS is vulnerable to a very simple phishing attack right on your desktop that doesn’t require admin privileges to run, would not be detected by GateKeeper or XProtect, and which could easily be placed on your mac by any of the nefarious malware / adware installer scripts that come with some less reputable software downloads.
This attack isn’t new, but it’s not often talked about. The easiest way to see how it works is in this quick 4-minute demo:
As you can see, it’s easy to grab the icon of any Application and put it in the script; it doesn’t even have to be the icon of an app that’s running. The simple demo I gave above could easily launch iTunes first to increase the coherence of the attack, or it could use a completely different icon, including the icon of security programs you may have running on your mac.
How can you check?
If you were presented with a password request like this and wanted to check whether it’s legitimate or not, an easy way would be to use my free utility DetectX Swift’s Profiler. Click the Profiler function, and search for ‘osascript’ within the Running Processes section. Note how DetectX Swift shows you the text of the script being run, confirming that this dialog is up to no good:
There it goes again – that little red badge on the App store telling you that there’s an update for your software. Only problem is, when you go to check it out, it turns out to be some little app that you downloaded but rarely use or which, for some reason (like not using up a limited download cap), you don’t particularly want to update.
Actually, there’s two ways you can get round this problem. The first, as obvious as it may seem, is to simply delete the app from your computer. If it was an app you purchased, don’t worry – it’ll still be in your purchases tab in the App store if you decide you want it back again one day.
Another way – and one which might also come in handy for those who use the app but don’t want the update – is to hide the app from your purchases list. This means you keep the app on your system, but the App store won’t inform you about updates. If this is the trick for you, then here’s how to do it:
To hide an app:
1. Open the App store and go to your purchases page. Sign in if necessary.
2. Control-click on the app you want to hide, and chose ‘Hide Purchase’.
It’s as easy as that! If you ever want to unhide this app, see if there are any updates, or just check whether any apps are already hidden (I found iPhoto had somehow got hidden without my knowing about it, and thus I wasn’t getting any updates for it!) then:
To unhide an app:
1. Open the App store.
2. In the menubar at the top, click ‘Store > View My Account…’
3. Sign in and wait for the Account page to show up.
4. Under ‘iTunes in the Cloud’, click on ‘Hidden Purchases’ and choose the apps you want to unhide. If you don’t see the ‘iTunes in the Cloud’ heading, then you don’t have any apps hidden.
5. Click ‘Done’ on the bottom right of the Accounts page.
featured picture: ‘Stop’ by SpongeSponge
At the moment there seems to be a problem in iTunes with the ‘download all updates‘ button. There will undoubtedly be a fix for this coming soon — word is that this is a server-side problem at the App store and nothing to do with the Lion install specifically.
In the meantime, you can still update your apps by clicking on the individual update buttons under each individual app in the same App Store Update window.
I know, a pain if you’ve got more than four or five, but a workable solution till Apple sort it their end.