Mac App Store exposes users to security risks, claims researcher

The Mac App Store's current version of OperaIf you are using the Apple Mac App Store you might be putting your computer’s security at risk.

That’s the finding of security researcher Joshua Long who has warned that the App Store has not published the latest versions of various applications, despite the fact they can include critical security updates.

Here’s part of Long’s warning:

Third-party Web browser maker Opera has released version 11.11 of its software, which fixes a "critical" security issue.

Sign up to our free newsletter.
Security news, advice, and tips.

Mac users who have downloaded Opera through the App Store may find themselves using a copy of Opera that is now two versions old, 11.01, which was released back in March and is vulnerable to the security bug patched in 11.11.

Users who rely on the App Store to tell them whether their software is up-to-date may not be aware of the security risks and may continue to use an unsafe version of the Opera browser.

Opera on the Mac App Store

Long says that he contacted Apple and Opera about the issue. Opera replied saying that they were waiting on Apple to approve the next version of Opera for Mac (Apple’s approval is necessary before anything gets posted in the Mac App Store).

Apple's promotion of App Store updatesPut in simple terms, Apple seems to be falling short of the promise it makes in its promotion of the App Store that it “keeps track of your apps and tells you when an update is available” and that “you’ll always have the latest version of every app you own.”

And, it appears, that Opera is not the only application in the Mac App Store that is out-of-date and might be vulnerable to security flaws. Long points out that Amazon’s Kindle app in the App Store, for instance, hasn’t been updated since January.

So, the key question is, how quickly is Apple going to approve the latest Opera update, and other software which might have been updated to secure against critical security vulnerabilities, for the App Store?

Because if Apple can’t update software containing critical security patches to the App Store in a timely fashion, users might be wiser getting their software via a more conventional route – such as (in the case of Opera) a direct download from the vendor’s own website.

Read more about the App Store issue in the article posted by Joshua Long on of security researcher Joshua Long who has The JoshMeister blog.


Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.

What do you think? Leave a comment

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.