Search Results for “William Gallagher”


May 27, 2019
William Gallagher / Apple Insider

William Gallagher / Apple Insider  
Class Action Lawsuit Alleges Apple Profits From Extensive Release of Users’ Demographic Data in Connection With Music Listening Apps, Services

Three residents of Rhode Island and Michigan have filed a class action lawsuit against Apple in the US District Court, Northern District of California, on behalf of all Apple users alleging that the Cupertino giant profits from releasing extensive demographic data about its users, including their full names, ages, and addresses, plus their history of music listening preferences. The suit alleges that Apple” sells, rents, transmits and/or otherwise discloses, to various third parties” and offers details of how this information is sold by Apple. As an example, the suit claims that “the Personal Listening Information of 18,188,721 ‘iTunes and Pandora Music Purchasers,’ residing across the United States (including in Michigan and Rhode Island), is offered for sale on the website of Carney Direct Marketing.” A second company selling the same information, SRDS, is offered as another example. Finally, the suit cites a bug discovery of iOS developer Ben Dodson, which was reported to Apple but not fixed until eight months later on September 13, 2016. The bug allegedly allowed the entire music databases of iTunes to be exposed and Apple reportedly notified users at the time of the bug fix that it would be sharing iTunes listening data to third parties.

May 26, 2019
William Gallagher / Apple Insider

William Gallagher / Apple Insider  
macOS Gatekeeper Can Be Easily Bypassed Due to Design Flaw in How it Treats External Drives, Network Shares

A flaw in the design of macOS makes it “possible to easily bypass Gatekeeper,” Apple’s system that is intended to ensure that only trusted software runs on Macs, security researcher Filippo Cavallarin of Italian cybersecurity firm Segment Srl discovered. The vulnerability stems from the fact that Gatekeeper considers both external drives and network shares as safe locations, allowing any applications they run to be considered safe. For example, zip archives can contain symbolic links pointing to an arbitrary location and the software on MacOS that is responsible to decompress zip files does not perform any check on the symlinks before creating them. Cavallarin told Apple of the problem on February 22 and this issue was supposed to be fixed by May 15 but the company has yet to address it.