App Store-based password reset vulnerability discovered in macOS High Sierra, appears to be fixed in forthcoming update

Posted by:
Date: Friday, January 12th, 2018, 03:27
Category: High Sierra, macOS, News, security, Software

This is why Apple has a team working on security features.

For the third time in recent month, a vulnerability has been discovered in macOS High Sierra.

Back in September, security researcher Patrick Wardle discovered an exploit to snag plaintext passwords from the Keychain utility. Two months later, software developer Lemi Orhan Ergin realized that gaining root access to High Sierra machines was essentially as easy as inputting the username “root,” no password required.

Now, a bug report on Open Radar from earlier this week—affecting version 10.13.2—allows any user to change the App Store system preferences without a real password via these steps:

(more…)

Apple releases macOS High Sierra 10.13.2, iOS 11.2.2 supplemental updates with Spectre fix for Safari and WebKit

Posted by:
Date: Tuesday, January 9th, 2018, 03:33
Category: High Sierra, iOS, macOS, News, security, Software

As tired as you are of hearing about the Meltdown and Spectre vulnerabilities, Apple has just released something that could help with part of these.

The company has released both a macOS High Sierra 10.13.2 and iOS 11.2.2 supplemental update designed to help prevent Spectre attacks in the current Mac and iOS operating systems. Prior to this, there was still the possibility of exploiting the Spectre vulnerability through Javascript in the Safari browser.

While there’s no absolute fix against the vulnerabilities, this patch, and others like it, can help mitigate the risk and make the bug that much harder to exploit.


The patch repairs Apple’s WKWebView API to display the web content with Apple’s WebKit implementation and thus fixes every app that displays web content on your iOS device and should be installed immediately.

On the macOS end, the macOS High Sierra 10.13.2 supplemental app helps secure Safari and apps that use Apple’s WebKit rendering engine. If you’re a Google Chrome or Firefox user, be sure to update to the latest version of the Chrome browser or Firefox 57.0.4 or later.

An update to the latest version of the Chrome browser with Spectre mitigations is expected in Chrome 64, currently scheduled for release in late January.

Stay tuned for additional details as they become available.

Via Macworld

Intel states forthcoming software and firmware updates will help make computers “immune” to Spectre, Meltdown vulnerabilities

Posted by:
Date: Friday, January 5th, 2018, 03:55
Category: Hardware, High Sierra, Intel, macOS, News, Processors, Software

Where the Meltdown and Spectre bugs are now affecting billions of processors around the world, Intel has not stated that forthcoming firmware updates and software patches will render Intel-based computer systems “immune” to these issues.

The company has stated that updates have been issued for the majority of Intel processor products introduced within the past five years, and by the end of next week, more than 90 percent of processor products from the last five years will be patched.

For Mac users, Apple has already addressed some of the vulnerabilities in the macOS High Sierra 10.13.2 update, and will cover any further vulnerabilities in macOS High Sierra 10.13.3. As always, make sure to install the latest operating system update and firmware patches and avoid suspicious programs, websites, and links.

(more…)

Apple has partially repaired effects of Intel “KPTI” memory/security bug, will add additional fixed in macOS High Sierra 10.13.3

Posted by:
Date: Thursday, January 4th, 2018, 03:04
Category: High Sierra, macOS, News, Processors, security, Software

Following public disclosure of a security flaw with nearly every Intel processor produced for the last 15 years, concern grew that a fix may take up to 30 percent of the processing power away from a system. But Apple appears to have at least partially fixed the problem with December’s macOS High Sierra 10.13.2 with additional fixes seeming likely appear to be coming in macOS 10.13.3.

A number of anonymous sources within Apple have confirmed that routines exist within macOS High Sierra 10.13.2 that could grant applications access to protected kernel memory data. These measures, alongside existing programming requirements regarding kernel memory that Apple has implemented over the past decade, seem to have mitigated much of the issue.

The fix was further confirmed by developer Alex Ionescu, who called the code regarding the issue the “Double Map.”

(more…)

Apple releases macOS High Sierra 10.13.2 update

Posted by:
Date: Friday, December 8th, 2017, 03:16
Category: High Sierra, macOS, News, security, Software

Late Wednesday night, Apple released macOS High Sierra 10.13.2. The update, a roughly 1.87 gigabyte download, offers the following fixes and changes:

– Improves compatibility with certain third-party USB audio devices.

– Improves VoiceOver navigation when viewing PDF documents in Preview.

(more…)

Apple releases security updates for KRACK, other exploits in macOS High Sierra 10.13.1 update, Security Update 2017-004

Posted by:
Date: Thursday, November 2nd, 2017, 03:10
Category: Hack, High Sierra, macOS, News, security, Sierra, Software

A few critical security updates also shipped out with Tuesday’s macOS High Sierra 10.13.1 update.

Apple also released Security Update 2017-004 and Security Update 2017-001 macOS Sierra, which address the KRACK security exploit.

KRACK is a vulnerability in the WPA2 encryption standard for Wi-Fi networks that lets attackers decrypt the data passing to and from a specific device. The vulnerability exists in most any device capable of using WPA2 on Wi-Fi networks and once it was publicly disclosed product manufacturers started scrambling to release patches.

(more…)

Apple releases macOS High Sierra 10.13.1 update

Posted by:
Date: Wednesday, November 1st, 2017, 03:46
Category: Bluetooth, High Sierra, macOS, News, Software

It’s not the heftiest update in the world, but it could be helpful. On Tuesday, Apple released its macOS High Sierra 10.13.1 update.

The update adds the following fixes and changes:

– Fixes a bug where Bluetooth appeared as unavailable during Apple Pay transactions.

– Improves the reliability of Microsoft Exchange message sync in Mail.

– Fixes an issue where Spotlight does not accept keyboard input.

– Improves the reliability of SMB printing.

– Makes Touch ID preferences accessible while logged in as a mobile account on MacBook Pro with Touch Bar.

– Adds support for unlocking a FileVault-encrypted APFS volume using a recovery keychain file. For details, enter man diskutil in Terminal.

As always, the update can be found via the App Store under the “Updates” tab. If you’ve had a chance to try the macOS High Sierra 10.13.1 update and have any feedback to offer, please let us know about your experience in the comments.

Microsoft officially ends support for Office for Mac 2011

Posted by:
Date: Friday, October 13th, 2017, 05:25
Category: High Sierra, Microsoft, News, Software

It had to come to an end sometime.

Microsoft has officially ended support for Office for Mac 2011. As such, there will be no further updates if anything goes wrong or stops working in Word, Excel, Powerpoint, or Outlook.

Microsoft has warned users the end was coming and made it very clear the official end of line would happen on October 12th, 2017. The company didn’t even bother to test Office 2011 for macOS High Sierra compatibility.

(more…)

Apple releases macOS High Sierra 10.13 Supplemental Update, works to address security concerns, bugs

Posted by:
Date: Friday, October 6th, 2017, 05:39
Category: High Sierra, macOS, News, security, Software

Every so often after a major operating system update, Apple releases a supplemental update to sort things out.

This is one of those times.

On Thursday, Apple released macOS High Sierra 10.13 Supplemental Update. The update, a 915 megabyte download through the App Store’s “Update” tab, fixes two important security flaws, one of which was just recently publicized. It also addresses three relatively minor bugs in macOS High Sierra.

Per Apple’s patch notes, the macOS High Sierra 10.13 Supplemental Update offers the following fixes:

Improves installer robustness
Fixes a cursor graphic bug when using Adobe InDesign
Resolves an issue where email messages couldn’t be deleted from Yahoo accounts in Mail
Security patch notes for macOS High Sierra 10.13 Supplemental Update
StorageKit

(more…)

Apple releases first macOS High Sierra 10.13.1, iOS 11.1, tvOS 11.1 public betas

Posted by:
Date: Monday, October 2nd, 2017, 05:37
Category: High Sierra, iOS, macOS, News, Software, TvOS

If you’re feeling curious or brave this week, Apple has released the first public betas of macOS High Sierra 10.13.1, iOS 11.1, and tvOS 11.1.

It doesn’t look like there are major changes in these beta releases and instead seem to be bug fixes and minor refinements. Apple released the developer betas on Wednesday and followed up with the public betas on Thursday.

(more…)