3/4/2023 0 Comments Dropbox for mac os x![]() The dialog box you see is a native OS X API (i.e. “We never see or store your admin password. Newhouse also asserted that Dropbox is not viewing or storing Mac users’ admin passwords. We’ve been working with Apple to eliminate this dependency and we should have what we need soon,” he added. “We use elevated access for where the built-in FS APIs come up short. ![]() “We use accessibility APIs for the Dropbox badge (Office integrations) and other integrations (finding windows & other UI interactions).” To clarify: It is a legitimate OS X dialog with misleading text + they hack around the OS security for accessibility Īddressing criticisms about the scope of the permissions the client requires, Newhouse said: “We only ask for privileges we actively use - but unfortunately some of the permissions aren’t as granular as we would like. We’ll fix that,” Dropbox’s Ben Newhouse, from its desktop client team, told TechCrunch.Ĭoncerns about Dropbox’s desktop client circulated on Hacker News and Twitter today, after two recent posts on an Apple help blog detailed what the writer dubbed OS X security “hacks” by Dropbox. In one of the AppleHelpWriter posts Dropbox is described as “using a sql attack on the tcc database to circumvent Apple’s authorization policy.”Īnd while allegations that Dropbox was creating a spoof dialogue box to phish users’ passwords proved to be incorrect, critics continued to slate its implementation of an official OS X security dialogue box that they said appeared designed to mislead users into handing over their admin passwords in order to grant Dropbox root access to the system via the Mac’s Accessibility permissions list. ![]() We ask for permissions once but don’t describe what we’re doing or why. ![]() “Clearly we need to do a better job communicating about Dropbox’s OS integration. Dropbox has responded to concerns about how it implements the desktop client of its cloud storage service on Apple’s macOS platform, conceding it needs to do more to communicate how the integration functions and the permissions it’s requesting. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |