Sidebar Sidebar
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

DropBox Gains Root Privilege of Your Mac Through Hack

Status
Not open for further replies.
CrickettGrrrl

CrickettGrrrl

macrumors 6502a
Original poster
Feb 10, 2012
985
274
B'more or Less
I'm surprised not to see this posted on MacRumors somewhere. Here are links to how DropBox is doing it, what one can do to mitigate it, etc.:

http://applehelpwriter.com/2016/07/28/revealing-dropboxs-dirty-little-security-hack/#comment-27348

http://applehelpwriter.com/2016/08/29/discovering-how-dropbox-hacks-your-mac/

http://www.loopinsight.com/2016/09/...tter&utm_campaign=twitter&utm_medium=referral

Screen Shot 2016-09-11 at 10.50.33 AM.png
 
Last edited:
Pakaku

Pakaku

macrumors 68040
Aug 29, 2009
3,273
4,844
Must be a recent thing or requires actually running Dropbox. I ditched it for Mega and there's nothing in my Privacy tab about anything like this.
 
K

KALLT

macrumors 603
Sep 23, 2008
5,380
3,415
It was posted a while back. I suspect that Dropbox uses this hack to re-enable the extension and add the Dropbox icon to the Finder toolbar and sidebar. In other words, pure convenience in exchange for security.
 
CrickettGrrrl

CrickettGrrrl

macrumors 6502a
Original poster
Feb 10, 2012
985
274
B'more or Less
It's essentially a large back door into a Mac.

Deleting the /Library/DropboxHelperTools files and removing DB from the Security & Privacy/Accessibility apps list still allows Dropbox to function as one would expect. What's very troubling is DB's less than ethical sql hacks to gain root privilege & their spoofed password request box.
 
W

WilliamG

macrumors G4
Mar 29, 2008
10,008
3,894
Seattle
CrickettGrrrl said:
I'm surprised not to see this posted on MacRumors somewhere. Here are links to how DropBox is doing it, what one can do to mitigate it, etc.:

http://applehelpwriter.com/2016/07/28/revealing-dropboxs-dirty-little-security-hack/#comment-27348

http://applehelpwriter.com/2016/08/29/discovering-how-dropbox-hacks-your-mac/

http://www.loopinsight.com/2016/09/...tter&utm_campaign=twitter&utm_medium=referral

View attachment 650222
Click to expand...

To be fair, for some reason Smashtunes, MacID, Steam and Diablo 3 also had check marks enabled in my Accessibility settings. Wassup with that?
 
K

KALLT

macrumors 603
Sep 23, 2008
5,380
3,415
WilliamG said:
To be fair, for some reason Smashtunes, MacID, Steam and Diablo 3 also had check marks enabled in my Accessibility settings. Wassup with that?
Click to expand...

If you don’t know, then you should ask the developers. These apps have effectively the same controls as you have using keyboard and mouse/trackpad, among other things. You should try revoking these permissions and see if these programs still work normally. I suspect that MacID legitimately needs this access.
 
Status
Not open for further replies.
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.
Top Bottom