Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Lapsed Apple certificate triggers massive Mac app fiasco

Gregg Keizer | Nov. 13, 2015
Affects most paid apps purchased from the Mac App Store; forces Mac owners to reboot, and delete-reinstall apps galore.

mac app store

A lapsed Apple digital certificate today triggered a massive app fiasco that prevented Mac users from running software they'd purchased from the Mac App Store.

"Whenever you download an app from the Mac App Store, the app provides a cryptographically-signed receipt," explained Paul Haddad, a co-founder of Tapbots, the company behind the popular Tweetbot Twitter client, in an email reply to questions today. "These receipts are signed with various certificates with different expiration dates. One of those is the 'Mac App Store Receipt Signing;' that expires every two years. That certificate expired on 'Nov 11 21:58:01 2015 GMT,' which caused most existing App Store receipts to no longer be considered valid."

Whoops.

The result: Bedlam.

Until Apple replaced the expired certificate, users who booted up their Macs today were unable to launch the apps they had bought through the Mac App Store, the OS X version of the iPhone's distribution portal.

But even after Apple replaced the outdated certificate, many apps still refused to run or threw off scary error messages, including one that said the app was "damaged and can't be opened," and others that said the app was already being used on another Mac, when it was, in fact, not.

Some Computerworld staffers instead were asked to re-enter their Apple account credentials -- those used to originally buy the apps -- in a too-fleeting dialog, or were stymied when clicking on an app in the Dock simply did nothing and displayed no alert, warning or error message.

Most users were forced to delete the dysfunctional apps, then download and reinstall them from the Mac App Store to restore them to working order.

The problem impacted most if not all paid apps bought through the Mac App Store; the bulk of paid apps regularly check with Apple's servers to make sure that a receipt exists for the purchase before running. "I'm guessing most paid Mac App Store apps will do this. Free ones may not bother," said Haddad, when explaining why some users haven't been affected.

Haddad also said that some underlying problems remained in Apple's e-store infrastructure. "Apple is now creating receipts which will expire in 2017, [but] for some reason some part of the Store infrastructure on [OS X] is either not requesting these new receipts until after a reboot or not properly validating them [emphasis added]. Either way, there's still a bug somewhere in OS X."

As Haddad mentioned, the certificates Apple uses have a two-year lifespan. In fact, the problem cropped up two years ago and will likely reoccur in 2017.

 

1  2  Next Page 

Sign up for CIO Asia eNewsletters.