Register    Login    Forum    Search    FAQ    Donate    Amazon Affiliate

Board index » General




Post new topic Reply to topic  [ 14 posts ] 
Author Message
 Post subject: mac OS Vulnerabilities
 Post Posted: Thu Jan 11, 2018 10:52 am 
Offline
User avatar

Joined: Fri Jul 17, 2015 7:22 pm
Posts: 1592
Location: S.W. Wales
--EDIT-- Changed thread title to include any vulnerability rather than start threads willy-nilly.


Not too huge maybe, but issues are cropping up more frequently.

http://www.techradar.com/news/another-password-flaw-hits-macos-as-apple-breaks-a-new-years-resolution-already

Quote:
Another password bug has been uncovered in macOS High Sierra, and while it’s not nearly as serious as the one which cropped up late last year, it’s still highly embarrassing for Apple as the new year kicks off.

As the Register reports, developer Eric Holtam found the flaw which lies in the App Store settings under System Preferences – assuming the owner of the Mac has instigated a password requirement here. If you attempt to make changes here, a password is requested, but the kicker is you can type in any password and it will work.


Last edited by loughor on Tue Jan 16, 2018 2:14 pm, edited 1 time in total.

Top 
 Profile  
 
 Post Posted: Thu Jan 11, 2018 12:03 pm 
Offline
User avatar

Joined: Thu Oct 07, 2010 1:35 am
Posts: 1495
You have to be logged in as an Admin for this to work, which automatically unlocks this system preference anyway - so yes - not huge at all, and yes - sloppy, embarrassing errors like this are getting more frequent.

Time for Apple to abandon the yearly update cycle IMHO.

_________________
Twitter
Home Page
Flickr Photo Albums


Top 
 Profile  
 
 Post Posted: Fri Jan 12, 2018 10:34 am 
Offline
User avatar

Joined: Thu Feb 12, 2015 12:25 pm
Posts: 1578
Anndra wrote:
Time for Apple to abandon the yearly update cycle IMHO.

Agreed. Just because it works for a stripped down but improving OS like iOS, doesn't mean it should be applied to the incredibly complex and feature-rich MacOS.

_________________
"If it ain't broke, we can fix it" (© Tim Cook, Jonny Ive)

Core i5 2011 21.5" iMac 12,1 2.5 GHz 12GB RAM OS X 10.9.5


Top 
 Profile  
 
 Post Posted: Fri Jan 12, 2018 10:53 am 
Offline
Moderator
User avatar

Joined: Wed Oct 06, 2010 7:51 pm
Posts: 6852
The only reason for the yearly cycle is so Apple can announce something new and shiny every year IMO.

_________________
I'm never wrong, I'm just less right on occasions.

Image


Top 
 Profile  
 
 Post Posted: Fri Jan 12, 2018 11:25 am 
Offline
User avatar

Joined: Wed Oct 06, 2010 8:27 pm
Posts: 5230
Location: Cumberland
Yes it seems apple spirit is no longer based on altruism


Top 
 Profile  
 
 Post Posted: Fri Jan 12, 2018 1:57 pm 
Offline
User avatar

Joined: Thu Feb 12, 2015 12:25 pm
Posts: 1578
Jonah wrote:
The only reason for the yearly cycle is so Apple can announce something new and shiny every year IMO.

Strange - their 'new and shiny' stuff generally has to do with phones, watches, tablets and TVs. Laptops and desktops are way down the pecking order now.

_________________
"If it ain't broke, we can fix it" (© Tim Cook, Jonny Ive)

Core i5 2011 21.5" iMac 12,1 2.5 GHz 12GB RAM OS X 10.9.5


Top 
 Profile  
 
 Post Posted: Tue Jan 16, 2018 2:18 pm 
Offline
User avatar

Joined: Fri Jul 17, 2015 7:22 pm
Posts: 1592
Location: S.W. Wales
I just saw another mac OS vulnerability posted (I edited the thread title to include more than just the one first posted).

http://www.techradar.com/news/new-mac-malware-hijacks-dns-and-compromises-internet-traffic

Quote:
Mac users haven’t had much good news on the security front early on in 2018, and that unfortunate streak is continuing with the revelation that macOS has been hit by a new strain of DNS hijacking malware (which inflicts more nastiness on the system besides that primary payload).

Named as OSX/MaMi, the malware changes the DNS server settings on the victim’s machine, redirecting their internet traffic through malicious servers designed to steal the user’s sensitive data.


Top 
 Profile  
 
 Post Posted: Thu Jan 18, 2018 11:22 am 
Offline
User avatar

Joined: Fri Jul 17, 2015 7:22 pm
Posts: 1592
Location: S.W. Wales
Unlikely that you'll get this on mac OS or iOS, but here it is:

http://www.bbc.co.uk/news/technology-42728336

Quote:
A new "text bomb" affecting Apple's iPhone and Mac computers has been discovered.
Abraham Masri, a software developer, tweeted about the flaw which typically causes an iPhone to crash and in some cases restart.
Simply sending a message containing a link which pointed to Mr Masri's code on programming site GitHub would be enough to activate the bug - even if the recipient did not click the link itself.


Top 
 Profile  
 
 Post Posted: Wed Jan 24, 2018 10:49 am 
Offline
User avatar

Joined: Fri Jul 17, 2015 7:22 pm
Posts: 1592
Location: S.W. Wales
Quote:
Apple has pushed out a patch to protect macOS users running older versions of the desktop OS from the major Meltdown flaw in Intel’s CPUs, following the original fix aimed at High Sierra (10.13).

This patch is for Sierra and El Capitan, the previous two incarnations of macOS (versions 10.12 and 10.11 respectively).


http://www.techradar.com/news/apple-has-patched-older-versions-of-macos-to-protect-against-meltdown


Top 
 Profile  
 
 Post Posted: Wed Jan 24, 2018 9:55 pm 
Offline
User avatar

Joined: Wed Oct 06, 2010 8:24 pm
Posts: 2101
Location: Manchester
Bugger, I’m still on 10.10 Yosemite, looks like that’s been left out in the cold?

_________________
* Steve *

* Witty statement goes here *


Top 
 Profile  
 
 Post Posted: Thu Jan 25, 2018 8:18 am 
Offline
User avatar

Joined: Fri Jul 17, 2015 7:22 pm
Posts: 1592
Location: S.W. Wales
I found this statement from Apple:
https://support.apple.com/en-us/HT208394

No mention of Yosemite. Searching with that as a required factor, in this context, comes back with non-Apple hits speculating that Yosemite 'could' have a fix but dated before the 'fixes' rolled. Don't hold your breath, or maybe consider grudgingly thinking about El C if you are concerned.


Top 
 Profile  
 
 Post Posted: Thu Jan 25, 2018 10:44 am 
Offline
User avatar

Joined: Thu Feb 12, 2015 12:25 pm
Posts: 1578
Interesting question: as this is a hardware problem rather than a software flaw, would applying the fix via Sierra on a separate partition on a Mac also - by extension - cause it to be fixed for Mavericks running on the same Mac?

_________________
"If it ain't broke, we can fix it" (© Tim Cook, Jonny Ive)

Core i5 2011 21.5" iMac 12,1 2.5 GHz 12GB RAM OS X 10.9.5


Top 
 Profile  
 
 Post Posted: Thu Jan 25, 2018 11:16 am 
Offline
User avatar

Joined: Fri Jul 17, 2015 7:22 pm
Posts: 1592
Location: S.W. Wales
As I understand it, the fault is in the Intel CPU microcode. The OS interacts making things do stuff. The flaw is that things can peek at what should be hidden. It is the patch in the OS that allegedly keeps the two apart as they should be. If you load an unpatched OS then the hole is back as you haven't fixed it at hardware level. Even if you had the two OSs loaded in virtual machines, they's perform separately.


Top 
 Profile  
 
 Post Posted: Fri Jan 26, 2018 4:24 pm 
Offline
User avatar

Joined: Thu Feb 12, 2015 12:25 pm
Posts: 1578
:(

_________________
"If it ain't broke, we can fix it" (© Tim Cook, Jonny Ive)

Core i5 2011 21.5" iMac 12,1 2.5 GHz 12GB RAM OS X 10.9.5


Top 
 Profile  
 
Display posts from previous:  Sort by  
 
Post new topic Reply to topic  [ 14 posts ] 

Board index » General


Who is online

Users browsing this forum: No registered users and 2 guests

 
 

 
You cannot post new topics in this forum
You cannot reply to topics in this forum
You cannot edit your posts in this forum
You cannot delete your posts in this forum

Search for:
Jump to:  

 

HTML tutorial