Although open source software is often safe and Mac program installation is generally thought to be safer than Windows app installation, there are exceptions to both of these generalisations that can seriously compromise your privacy and security.
A recent Trend Micro discovery provides a striking illustration of this risk. Malicious code that steals your Apple Keychain data has been added to a modified version of an open source tool created to help Mac users sign apps for the iPhone and iPad. The original app is ResignTool, and it can be downloaded for free from GitHub, the well-known open source website. Both the code and the six-year-old, fully functional software are available there. That is not the problem.
The problem is how easy it is to obtain the code, modify it, and upload the modified version of the software somewhere else. An attacker needs to do very little work to distribute malware that looks like a legitimate, well-intentioned app.
Since your Mac automatically synchronises passwords you've stored on your iPhone and iPad in the Keychain, if you make the mistake of downloading the malicious version of an open source app, you might be handing over the keys to your Apple kingdom. Passwords for banking websites and financial apps could be stolen, along with login information for every app and website.
There are sensible ways to reduce these risks. Applications and websites that are truly critical should offer two-factor authentication. Get programmes that have been tested as safe from the Mac App Store if at all possible. Make sure you know and trust the source before downloading anything from a website. Additionally, you might want to consider whether antivirus protection for your Mac would be beneficial.