mac4mac.co.uk
http://mac4mac.co.uk/

mac OS Vulnerabilities
http://mac4mac.co.uk/viewtopic.php?f=2&t=6486
Page 1 of 1

Author:  loughor [ Thu Jan 11, 2018 10:52 am ]
Post subject:  mac OS Vulnerabilities

--EDIT-- Changed thread title to include any vulnerability rather than start threads willy-nilly.


Not too huge maybe, but issues are cropping up more frequently.

http://www.techradar.com/news/another-password-flaw-hits-macos-as-apple-breaks-a-new-years-resolution-already

Quote:
Another password bug has been uncovered in macOS High Sierra, and while it’s not nearly as serious as the one which cropped up late last year, it’s still highly embarrassing for Apple as the new year kicks off.

As the Register reports, developer Eric Holtam found the flaw which lies in the App Store settings under System Preferences – assuming the owner of the Mac has instigated a password requirement here. If you attempt to make changes here, a password is requested, but the kicker is you can type in any password and it will work.

Author:  Anndra [ Thu Jan 11, 2018 12:03 pm ]
Post subject:  Re: Another Password Flaw in HS

You have to be logged in as an Admin for this to work, which automatically unlocks this system preference anyway - so yes - not huge at all, and yes - sloppy, embarrassing errors like this are getting more frequent.

Time for Apple to abandon the yearly update cycle IMHO.

Author:  MacBiter [ Fri Jan 12, 2018 10:34 am ]
Post subject:  Re: Another Password Flaw in HS

Anndra wrote:
Time for Apple to abandon the yearly update cycle IMHO.

Agreed. Just because it works for a stripped down but improving OS like iOS, doesn't mean it should be applied to the incredibly complex and feature-rich MacOS.

Author:  Jonah [ Fri Jan 12, 2018 10:53 am ]
Post subject:  Re: Another Password Flaw in HS

The only reason for the yearly cycle is so Apple can announce something new and shiny every year IMO.

Author:  Leewave [ Fri Jan 12, 2018 11:25 am ]
Post subject:  Re: Another Password Flaw in HS

Yes it seems apple spirit is no longer based on altruism

Author:  MacBiter [ Fri Jan 12, 2018 1:57 pm ]
Post subject:  Re: Another Password Flaw in HS

Jonah wrote:
The only reason for the yearly cycle is so Apple can announce something new and shiny every year IMO.

Strange - their 'new and shiny' stuff generally has to do with phones, watches, tablets and TVs. Laptops and desktops are way down the pecking order now.

Author:  loughor [ Tue Jan 16, 2018 2:18 pm ]
Post subject:  Re: mac OS Vulnerabilities

I just saw another mac OS vulnerability posted (I edited the thread title to include more than just the one first posted).

http://www.techradar.com/news/new-mac-malware-hijacks-dns-and-compromises-internet-traffic

Quote:
Mac users haven’t had much good news on the security front early on in 2018, and that unfortunate streak is continuing with the revelation that macOS has been hit by a new strain of DNS hijacking malware (which inflicts more nastiness on the system besides that primary payload).

Named as OSX/MaMi, the malware changes the DNS server settings on the victim’s machine, redirecting their internet traffic through malicious servers designed to steal the user’s sensitive data.

Author:  loughor [ Thu Jan 18, 2018 11:22 am ]
Post subject:  Re: mac OS Vulnerabilities

Unlikely that you'll get this on mac OS or iOS, but here it is:

http://www.bbc.co.uk/news/technology-42728336

Quote:
A new "text bomb" affecting Apple's iPhone and Mac computers has been discovered.
Abraham Masri, a software developer, tweeted about the flaw which typically causes an iPhone to crash and in some cases restart.
Simply sending a message containing a link which pointed to Mr Masri's code on programming site GitHub would be enough to activate the bug - even if the recipient did not click the link itself.

Author:  loughor [ Wed Jan 24, 2018 10:49 am ]
Post subject:  Re: mac OS Vulnerabilities

Quote:
Apple has pushed out a patch to protect macOS users running older versions of the desktop OS from the major Meltdown flaw in Intel’s CPUs, following the original fix aimed at High Sierra (10.13).

This patch is for Sierra and El Capitan, the previous two incarnations of macOS (versions 10.12 and 10.11 respectively).


http://www.techradar.com/news/apple-has-patched-older-versions-of-macos-to-protect-against-meltdown

Author:  MacOS10 [ Wed Jan 24, 2018 9:55 pm ]
Post subject:  Re: mac OS Vulnerabilities

Bugger, I’m still on 10.10 Yosemite, looks like that’s been left out in the cold?

Author:  loughor [ Thu Jan 25, 2018 8:18 am ]
Post subject:  Re: mac OS Vulnerabilities

I found this statement from Apple:
https://support.apple.com/en-us/HT208394

No mention of Yosemite. Searching with that as a required factor, in this context, comes back with non-Apple hits speculating that Yosemite 'could' have a fix but dated before the 'fixes' rolled. Don't hold your breath, or maybe consider grudgingly thinking about El C if you are concerned.

Author:  MacBiter [ Thu Jan 25, 2018 10:44 am ]
Post subject:  Re: mac OS Vulnerabilities

Interesting question: as this is a hardware problem rather than a software flaw, would applying the fix via Sierra on a separate partition on a Mac also - by extension - cause it to be fixed for Mavericks running on the same Mac?

Author:  loughor [ Thu Jan 25, 2018 11:16 am ]
Post subject:  Re: mac OS Vulnerabilities

As I understand it, the fault is in the Intel CPU microcode. The OS interacts making things do stuff. The flaw is that things can peek at what should be hidden. It is the patch in the OS that allegedly keeps the two apart as they should be. If you load an unpatched OS then the hole is back as you haven't fixed it at hardware level. Even if you had the two OSs loaded in virtual machines, they's perform separately.

Author:  MacBiter [ Fri Jan 26, 2018 4:24 pm ]
Post subject:  Re: mac OS Vulnerabilities

:(

Page 1 of 1 All times are UTC
Powered by phpBB® Forum Software © phpBB Group
http://www.phpbb.com/