Mac App Store apps ‘damaged’ following security certificate bug
Thu 12 Nov 2015
Complaints have been firing in against Apple after users were required to delete and re-install Mac App Store apps following a major security management error.
Overnight Mac users experienced trouble when using apps bought or downloaded from the App Store, after the security certificate Apple uses as an anti-piracy measure expired. Five years after the certificate’s creation, the tech giant had not prepared an immediate alternative.
The apps became temporarily unavailable and displayed a “damaged” error message from 10pm (UK) on Wednesday night. Having fixed the error shortly after, with an updated certificate – extending the expiry date to April 2035 – users continued to face problems with their apps. Not able to connect to the internet, some users could not verify the new certificate. Others, who had forgotten their login details, were unable to use the downloaded apps until they were successfully logged in.
Some users whose Mac apps were completely broken, had to delete and reinstall each programme that they had downloaded from the App Store.
The cause of the app bug was first reported by Mac and iOS software developer Paul Haddad. He uncovered the expiry date for the authentication certification on Wednesday night. Haddad also speculated that the receipts now using SHA256 encryption could be the source of the problem with older OS X versions.
However, the issue also appears in OS X El Capitan, which Haddad believed could mean that multiple Mac App Store apps contacting Apple’s servers at the same time could be provoking a “self inflicted DDoS on Apple’s receipt generation service.”
It is still unclear which apps the issue is affecting, with users reporting either a glitch across a range of software, while others only report issues with a single app. Popular apps such as 1Password, Acorn, Byword, Call of Duty and Tweetbot were among those taken down.
The App Store issues security certificates to keep track on the correct purchase of its apps, as well as to ensure that malicious software is kept at bay. The iPhone maker is yet to provide comment on the security mishap.