Dropbox Security Concern Addressed by macOS Sierra, Now Explicitly Asking For Permissions
Following several reports released earlier this month outlining Dropbox-related security concerns, developer Phil Stokes has confirmed in a blog post that macOS Sierra addresses the concern. Apple’s latest version of their desktop operating system pops up a dialog asking the user to grant the Dropbox client permission to Accessibility.
Concerns against the Dropbox client for Mac were raised after it was demonstrated that the app effectively had root access to the machine. In earlier version of the operating system, there was never a dialog box that asked the user if they want to grant the app that permission. In his blog post, Stokes said:
“Let’s assume for the sake of argument that Dropbox never does any evil on your computer. It remains the fact that the Dropbox process has that ability. And that means, if Dropbox itself has a bug in it, it’s possible an attacker could take control of your computer by hijacking flaws in Dropbox’s code.”
In a new blog post, Dropbox still recommends that Mac users running macOS Sierra update their Accessibility permissions.
macOS Sierra was publicly released today as a free update on the Mac App Store.
[via Daring Fireball]