The favored Docker-OSX challenge has been faraway from Docker Hub after Apple filed a DMCA (Digital Millennium Copyright Act) takedown request, alleging that it violated its copyright.
Docker-OSX is an open-source challenge created by safety researcher Sick.Codes that enables for the virtualization of macOS on non-Apple {hardware}. It may be hosted on any system that helps Docker, together with Linux and Home windows.
The challenge is helpful for builders who want to check software program on macOS or safety researchers attempting out varied configurations to uncover bugs or to analysis malware.
Its recognition is mirrored in its 750,000 downloads and 500 stars on Docker Hub, in addition to its 40,000 stars on GitHub.
Apple nukes the repository
On Wednesday, Docker-OSX customers reported that they had been unable to drag the most recent macOS photographs from the Docker Hub repository, getting 404 errors.
“docker: Error response from daemon: pull entry denied for sickcodes/docker-osx, repository doesn’t exist or could require ‘docker login’: denied: requested entry to the useful resource is denied,” learn an error message when a consumer tried to put in the picture.
After different customers reported the same subject accessing the Docker picture, the developer, Sick.Codes, replied that it was gone from their account and have acquired no info as to why.
Supply: Sick.Codes
After posting concerning the elimination on X, Docker confirmed it with Sick.Codes that the picture was eliminated after they acquired a DMCA takedown request from Apple.
Within the DMCA request despatched to Sick.Codes and shared with BleepingComputer, a regulation agency representing Apple asserted that the “docker-osx” repository accommodates photographs of Apple’s macOS installer, that are protected by copyright.
The discover specifies that Docker-OSX reproduces Apple’s content material with out authorization, which constitutes copyright infringement underneath U.S. regulation, and requests that Docker act “expeditiously” to take down the repository.
“It has come to our consideration that photographs of Apple’s macOS installer and set up have been posted at https://hub.docker.com/r/sickcodes/docker-osx,” reads the DMCA infringement notification despatched by Apple’s attorneys at Kilpatrick, Townsend and Stockton LLP.
“Apple has unique rights in its macOS installer and set up. See macOS Sonoma. Docker-OSX reproduces this content material with out authorization. The unauthorized replica of Apple’s content material constitutes copyright infringement and is a violation of the DMCA.”
Supply: Sick.Codes
Crossing authorized boundaries
From a authorized perspective, Apple’s actions are justified on this case, as its EULA for macOS restricts using the working system to Apple-branded {hardware}, and enforcement of those licensing phrases is inside its rights.
Sick.Codes informed BleepingComputer that Apple’s motion would primarily impression safety researchers utilizing Docker-OSX to assist make macOS safer.
“Each time I am at a safety convention, like DEFCON or http://Hardwear.io, different researchers come up and say that they used Docker-OSX to do bug bounty. It is basically one of many one methods to take part in Apple’s bug bounty program with out an precise Mac,” defined Sick.Codes.
Sick.Codes added that Apple contradicts itself by encouraging safety analysis contributions and bug stories however targets the initiatives that assist researchers carry out this exercise. With that mentioned, the researcher says his devotion to assist in Apple safety analysis stays unwavering.
“It is a official good-faith safety analysis challenge that I, and over 700,000 others, have used to attempt to discover bugs in macOS.
They [Apple] explicitly allow researchers to check their merchandise as a part of the Apple Bug Bounty program, of which I’m a participant and have submitted bugs to Apple earlier than.
And can proceed to take action.”
❖ Sick.Codes
In the meantime, Docker-OSX stays accessible on GitHub on the time of writing, however the repository there solely accommodates the challenge’s code, not the installer binaries, so Sick.Codes doesn’t count on a DMCA request there.
Finally, the case highlights the authorized challenges that may come up for open-source initiatives when coping with proprietary software program that’s topic to mental property rights enforcement at any second.
BleepingComputer has requested for a remark from each Apple and Docker, however we’ve not acquired a response by publication.