We have been really busy around here with the new iPhone/iPod touch version of 1Password. Overall things have gone as smooth as one could expect for a new product on a new device. Unfortunately, we have found some serious issues that need the be addressed.
The most serious issue involves the OS X Keychain Service and how it detects if an application is allowed to access an item in a keychain.
Posted by David Teare on August 25, 2008 at 11:10 AM in 1Password, Code Signing | Permalink
|
Comments (19)
OS X 10.5 Leopard brings a new Code Signing security feature that helps verify the integrity of an application. Applications are signed by their creators before being distributed using their private key, and then can be verified on the customer's machine using the companies public key.
The OS X Keychain Services leverage this new Code Signing feature to verify the signature of each application before it will allow access to the contents of the keychain. By verifying the signature, the OS X Keychain Services can detect when a potentially malicious change has been made to an application and thereby protect your sensitive data by denying the changed application access.
Since the upgrade to Leopard, many 1Password users have written in to mention that they cannot access their data, usually from within Safari. At first we were confused why the keychain data could not be accessed from within Safari, yet it was accessible from other browsers and the 1Password application.
Continue reading "Leopard Code Signing and Keychain Problems" »
Posted by admin on November 13, 2007 at 06:20 PM in 1Password, Code Signing, Keychain, Leopard, Mac, Security, Uncategorized | Permalink
|
Comments (31)
Recent Comments