
CleanMyMac 1.5.1 Under the Bonnet

MacPaw Inc (?)
Oleksandr Kosovan et al
Kiev UA
Rating: ☆☆

Collateral damage:
$30 for something your system can already do?

CleanMyMac allows enjoying smooth system performance combining such vital features as Slim Universal Binaries, Clean Unneeded Languages, Logs Rotation, Clean Caches, Quick and Secure Erase, Application Uninstallation, and Killing Trash Left From Buried Applications.

CleanMyMac can save gigabytes of disk space and enhance your computer speed. Go ahead and give it a shot! Your Mac will definitely be grateful!

The more junk files are stored on your Mac the slower it will work. Processes of saving and storing unnecessary files take your priceless time. Using CleanMyMac will professionally help your Mac reduce the amount of operations required for your online and offline activities.
 - CleanMyMac documentation

CleanMyMac could very well become a standard on this platform. It's an app that should be included with the system. But it could first need some not-so-minor adjustments under the hood.

The MacPaw people haven't always shown the greatest understanding of how OS X works - either that or they were hoping the clientele didn't. Their previous offering, MacHider, wasn't exactly a winner: it tried the same old dumb tricks to hide things away from people (and utterly failed, of course). [Check the review.]

But in all fairness that doesn't have to reflect on this app. Although again in all fairness CleanMyMac 1.5.1 sticks mostly to the small fry and doesn't go after the bigger fish. No attempt at removal of extraneous NIB files for instance.

But what does this app look like under the bonnet? Aye there's the rub, as a famous Dane once said.

000000000003ff9c Click the lock to authentificate
000000000003ffc0 system.privilege.admin
000000000003ffd8 Authorizing...
000000000003ffe8 Permition denied!
000000000003fffc          Authorized
0000000000040010 -rfP
0000000000040018 rm -rfP "%@"
0000000000040028 /bin/rm
0000000000045e38 UniversalBinaries
0000000000045e4c %@ is in the ignore list
0000000000045e68 Are you sure you want to slim it?
0000000000045e9c /usr/bin/touch
0000000000045eb8 /usr/bin/arch
0000000000045ec8 Unsupported architecture
0000000000045ee4 Couldn't find  arch utilyti
0000000000045f20 We apologize, but CleanMyMac couldn't define your Mac's architecture.
0000000000045fec lipo "%@" -thin %@ -output "%@.lipo"&& mv -f "%@.lipo" "%@"; exit;
0000000000046038 -thin
0000000000046040 -output
000000000004604c Couldn't Overwrite original file %@
0000000000046070 /usr/bin/lipo
0000000000046080 /bin/mv
0000000000048ea8 /Library/Receipts
0000000000048ebc /usr/bin/lsbom
0000000000048ecc .pkg/Contents/Archive.bom
0000000000048ee8 .pkg/Contents/Info.plist
000000000004a720 Startup Item
000000000004a730 /bin/ps

And so forth. The guts of CleanMyMac are the Unix command line. Except, as per usual, you're not told that. And if you're going to release a product and push it hard internationally then you'd best be using your spell checker. Particularly when you're making your own banner ads.

But things might actually turn even worse: CleanMyMac wants to let you go into protected system areas if you want to. It does this through the system authorisation services. Naturally the app itself won't be escalated - that's asking for it - but the stuff it sends through its back channel (NSPipe, NSTask) will.

Commands such as 'rm -rfP "%@"' (the quick erase) might have to be authorised if they target protected areas. But the command lines they use - the ones handed to the authorisation services - are embedded in an unprotected binary.

  • As Apple themselves caution: don't forget when using the authorisation services that you have to protect the module you're escalating (and your invocation of it).

  • As the redoubtable 'LMH' of the Month of Apple Bugs pointed out: you just don't use system() in an unprotected module unless you want to get pwned.
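The difference between the embedded shell template and a proper argument vector, as an added example that is not CleanMyMac's or MacPaw's code: it renders the page's 'rm -rfP "%@"' template the way a shell-based helper does, counts the words a shell would split the result into, and then builds the argv form in which the path reaches rm intact and no shell is involved. The word counter and the run helper are assumed for illustration and are not calls taken from the app.

```c
#define _POSIX_C_SOURCE 200809L
#include <stdio.h>
#include <string.h>
#include <unistd.h>
#include <sys/wait.h>

/* Render the page's template exactly as a shell-template helper would:
 * the path is pasted between double quotes and the line goes to /bin/sh. */
int render_rm_template(const char *path, char *out, size_t n) {
    return snprintf(out, n, "rm -rfP \"%s\"", path);
}

/* Minimal shell-style word count (whitespace splits outside double quotes).
 * Assumed helper for illustration: once a shell parses the rendered line,
 * a path containing a double quote no longer reaches rm as one argument. */
int shell_word_count(const char *cmd) {
    int words = 0, in_word = 0, in_quote = 0;
    for (const char *p = cmd; *p; p++) {
        if (*p == '"') {
            in_quote = !in_quote;
            if (!in_word) { in_word = 1; words++; }
        } else if ((*p == ' ' || *p == '\t') && !in_quote) {
            in_word = 0;
        } else if (!in_word) {
            in_word = 1; words++;
        }
    }
    return words;
}

/* The argv form: the path is one vector element, byte for byte, and rm
 * receives it unchanged whatever quotes or metacharacters it contains. */
int build_rm_argv(const char *path, const char *argv[4]) {
    argv[0] = "/bin/rm";
    argv[1] = "-rfP";
    argv[2] = path;
    argv[3] = NULL;
    return 3;
}

/* Execute an argv vector directly: fork + execv, no /bin/sh in between.
 * Returns the child's exit status, or -1 if it could not be started. */
int run_argv(const char *argv[]) {
    pid_t pid = fork();
    if (pid == 0) { execv(argv[0], (char *const *)argv); _exit(127); }
    int status;
    if (pid < 0 || waitpid(pid, &status, 0) != pid) return -1;
    return WIFEXITED(status) ? WEXITSTATUS(status) : -1;
}
```

Even in the argv form the helper binary itself still has to be integrity-protected before it is granted admin rights, which is Apple's caution above.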

It should be relative child's play to craft a targeted attack by doctoring the CleanMyMac binary on the victim's machine to substitute 'far better' command lines and then wait for the victim to invoke them, giving the perp a new root ghost account or anything desired.

There's more than one reason it's never a good idea to hide system commands in Cocoa bundles.


Copyright © Rixstep. All rights reserved.