mac4mac.co.uk

--EDIT-- Changed thread title to include any vulnerability rather than start threads willy-nilly.


Not too huge maybe, but issues are cropping up more frequently.



Quote:
Another password bug has been uncovered in macOS High Sierra, and while it’s not nearly as serious as the one which cropped up late last year, it’s still highly embarrassing for Apple as the new year kicks off.

As the Register reports, developer Eric Holtam found the flaw which lies in the App Store settings under System Preferences – assuming the owner of the Mac has instigated a password requirement here. If you attempt to make changes here, a password is requested, but the kicker is you can type in any password and it will work.

You have to be logged in as an Admin for this to work, which automatically unlocks this system preference anyway - so yes - not huge at all, and yes - sloppy, embarrassing errors like this are getting more frequent.

Time for Apple to abandon the yearly update cycle IMHO.

_________________

_________________
"If it ain't broke, we can fix it" (© Tim Cook, Jonny Ive)

Core i7 2011 21.5" iMac 12,1 2.8 GHz 16GB RAM OS X 10.9.5 1TB SSD & 128GB SSD

The only reason for the yearly cycle is so Apple can announce something new and shiny every year IMO.

_________________
I'm never wrong, I'm just less right on occasions.

Yes it seems apple spirit is no longer based on altruism

_________________
"If it ain't broke, we can fix it" (© Tim Cook, Jonny Ive)

Core i7 2011 21.5" iMac 12,1 2.8 GHz 16GB RAM OS X 10.9.5 1TB SSD & 128GB SSD

I just saw another mac OS vulnerability posted (I edited the thread title to include more than just the one first posted).



Quote:
Mac users haven’t had much good news on the security front early on in 2018, and that unfortunate streak is continuing with the revelation that macOS has been hit by a new strain of DNS hijacking malware (which inflicts more nastiness on the system besides that primary payload).

Named as OSX/MaMi, the malware changes the DNS server settings on the victim’s machine, redirecting their internet traffic through malicious servers designed to steal the user’s sensitive data.

Unlikely that you'll get this on mac OS or iOS, but here it is:



Quote:
A new "text bomb" affecting Apple's iPhone and Mac computers has been discovered.
Abraham Masri, a software developer, tweeted about the flaw which typically causes an iPhone to crash and in some cases restart.
Simply sending a message containing a link which pointed to Mr Masri's code on programming site GitHub would be enough to activate the bug - even if the recipient did not click the link itself.

Quote:
Apple has pushed out a patch to protect macOS users running older versions of the desktop OS from the major Meltdown flaw in Intel’s CPUs, following the original fix aimed at High Sierra (10.13).

This patch is for Sierra and El Capitan, the previous two incarnations of macOS (versions 10.12 and 10.11 respectively).

Bugger, I’m still on 10.10 Yosemite, looks like that’s been left out in the cold?

_________________
* Steve *

* Witty statement goes here *

I found this statement from Apple:


No mention of Yosemite. Searching with that as a required factor, in this context, comes back with non-Apple hits speculating that Yosemite 'could' have a fix but dated before the 'fixes' rolled. Don't hold your breath, or maybe consider grudgingly thinking about El C if you are concerned.

Interesting question: as this is a hardware problem rather than a software flaw, would applying the fix via Sierra on a separate partition on a Mac also - by extension - cause it to be fixed for Mavericks running on the same Mac?

_________________
"If it ain't broke, we can fix it" (© Tim Cook, Jonny Ive)

Core i7 2011 21.5" iMac 12,1 2.8 GHz 16GB RAM OS X 10.9.5 1TB SSD & 128GB SSD

As I understand it, the fault is in the Intel CPU microcode. The OS interacts making things do stuff. The flaw is that things can peek at what should be hidden. It is the patch in the OS that allegedly keeps the two apart as they should be. If you load an unpatched OS then the hole is back as you haven't fixed it at hardware level. Even if you had the two OSs loaded in virtual machines, they's perform separately.

_________________
"If it ain't broke, we can fix it" (© Tim Cook, Jonny Ive)

Core i7 2011 21.5" iMac 12,1 2.8 GHz 16GB RAM OS X 10.9.5 1TB SSD & 128GB SSD

According to The Register, Apple patched two actively exploited vulnerabilities in macOS Monterey yet has left users of older supported versions of its desktop operating system unprotected.

Source:


The AppleAVD issue is unpatched for macOS Big Sur, said Joshua Long, chief security analyst for Intego, while Catalina isn't affected because it lacks the AppleAVD component for decoding audio and video. The Intel Graphics Driver flaw, he said, looks like it affects both Big Sur and Catalina.