App Store-based password reset vulnerability discovered in macOS High Sierra, appears to be fixed in forthcoming update

Posted by:
Date: Friday, January 12th, 2018, 03:27
Category: High Sierra, macOS, News, security, Software

This is why Apple has a team working on security features.

For the third time in recent months, a vulnerability has been discovered in macOS High Sierra.

Back in September, security researcher Patrick Wardle discovered an exploit to snag plaintext passwords from the Keychain utility. Two months later, software developer Lemi Orhan Ergin realized that gaining root access to High Sierra machines was essentially as easy as inputting the username “root,” no password required.

Now, a bug report on Open Radar from earlier this week, affecting version 10.13.2, describes a flaw that allows any user to change the App Store system preferences without a real password via these steps:

(more…)

Apple releases Safari 11.0.2 for macOS El Capitan 10.11, macOS Sierra 11.2, looks to address Spectre issue with update

Posted by:
Date: Wednesday, January 10th, 2018, 03:19
Category: macOS, News, security, Sierra, Software

As sick as everyone is of hearing about Spectre and Meltdown, Apple has just released an updated version of Safari that could help with the Spectre vulnerability.

On Monday, the company released Safari 11.0.2, the new version of its web browser.

The update, a 75.6 megabyte download, includes security improvements to mitigate the effects of the Spectre issue, which has become a prevalent concern in the security community and affects several years’ worth of computers and devices.

(more…)

Apple releases macOS High Sierra 10.13.2, iOS 11.2.2 supplemental updates with Spectre fix for Safari and WebKit

Posted by:
Date: Tuesday, January 9th, 2018, 03:33
Category: High Sierra, iOS, macOS, News, security, Software

As tired as you are of hearing about the Meltdown and Spectre vulnerabilities, Apple has just released something that could help with part of these.

The company has released both a macOS High Sierra 10.13.2 and iOS 11.2.2 supplemental update designed to help prevent Spectre attacks in the current Mac and iOS operating systems. Prior to this, there was still the possibility of exploiting the Spectre vulnerability through JavaScript in the Safari browser.

While there’s no absolute fix against the vulnerabilities, this patch, and others like it, can help mitigate the risk and make the bug that much harder to exploit.


The patch repairs Apple’s WKWebView API, which displays web content with Apple’s WebKit implementation, and thus fixes every app that displays web content on your iOS device. It should be installed immediately.

On the macOS end, the macOS High Sierra 10.13.2 supplemental update helps secure Safari and apps that use Apple’s WebKit rendering engine. If you’re a Google Chrome or Firefox user, be sure to update to the latest version of the Chrome browser or Firefox 57.0.4 or later.

An update to the latest version of the Chrome browser with Spectre mitigations is expected in Chrome 64, currently scheduled for release in late January.

Stay tuned for additional details as they become available.

Via Macworld

Intel states forthcoming software and firmware updates will help make computers “immune” to Spectre, Meltdown vulnerabilities

Posted by:
Date: Friday, January 5th, 2018, 03:55
Category: Hardware, High Sierra, Intel, macOS, News, Processors, Software

With the Meltdown and Spectre bugs now affecting billions of processors around the world, Intel has now stated that forthcoming firmware updates and software patches will render Intel-based computer systems “immune” to these issues.

The company has stated that updates have been issued for the majority of Intel processor products introduced within the past five years, and by the end of next week, more than 90 percent of processor products from the last five years will be patched.

For Mac users, Apple has already addressed some of the vulnerabilities in the macOS High Sierra 10.13.2 update, and will cover any further vulnerabilities in macOS High Sierra 10.13.3. As always, make sure to install the latest operating system update and firmware patches and avoid suspicious programs, websites, and links.

(more…)

Apple has partially repaired effects of Intel “KPTI” memory/security bug, will add additional fixes in macOS High Sierra 10.13.3

Posted by:
Date: Thursday, January 4th, 2018, 03:04
Category: High Sierra, macOS, News, Processors, security, Software

Following public disclosure of a security flaw with nearly every Intel processor produced for the last 15 years, concern grew that a fix may take up to 30 percent of the processing power away from a system. But Apple appears to have at least partially fixed the problem with December’s macOS High Sierra 10.13.2, with additional fixes appearing likely to come in macOS 10.13.3.

A number of anonymous sources within Apple have confirmed that routines exist within macOS High Sierra 10.13.2 to address the flaw that could grant applications access to protected kernel memory data. These measures, alongside existing programming requirements regarding kernel memory that Apple has implemented over the past decade, seem to have mitigated much of the issue.

The fix was further confirmed by developer Alex Ionescu, who called the code regarding the issue the “Double Map.”

(more…)

Apple’s rumored “Marzipan” project might allow iOS apps to run under macOS, could be part of development efforts in 2018

Posted by:
Date: Thursday, December 21st, 2017, 03:12
Category: Developer, iOS, iPad, iPhone, macOS, News, Software, WWDC

A new Apple project could allow thousands of iOS applications to run under macOS.

Apple is reportedly working to overcome challenges in getting software developers to embrace the Mac App Store. With the expected upcoming changes, developers will be able to create a single application that can work with either a touchscreen, a mouse, or a trackpad.

The project, reportedly codenamed “Marzipan”, will allow macOS and iOS applications to essentially blur together with the hope that applications on the Mac will be updated more frequently and be of higher quality than their current state. A Bloomberg report cited the official Twitter app, which is regularly updated for iPhone and iPad, but less frequently so for Mac.

(more…)

Apple releases macOS High Sierra 10.13.2 update

Posted by:
Date: Friday, December 8th, 2017, 03:16
Category: High Sierra, macOS, News, security, Software

Late Wednesday night, Apple released macOS High Sierra 10.13.2. The update, a roughly 1.87 gigabyte download, offers the following fixes and changes:

– Improves compatibility with certain third-party USB audio devices.

– Improves VoiceOver navigation when viewing PDF documents in Preview.

(more…)

Apple follows up on root user security hole in macOS 10.13 High Sierra, has yet to offer timeline for fix

Posted by:
Date: Wednesday, November 29th, 2017, 03:03
Category: macOS, News, security, Software

Well, this qualifies as a pretty huge mess.

Following the discovery of a security hole in macOS High Sierra in which a user can simply enter their user name as “root”, not provide a password and be allowed full access to the computer, Apple has offered the following statement:

“We are working on a software update to address this issue,” Apple said. “In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section.”

(more…)

Apple releases security updates for KRACK, other exploits in macOS High Sierra 10.13.1 update, Security Update 2017-004

Posted by:
Date: Thursday, November 2nd, 2017, 03:10
Category: Hack, High Sierra, macOS, News, security, Sierra, Software

A few critical security updates also shipped out with Tuesday’s macOS High Sierra 10.13.1 update.

Apple also released Security Update 2017-004 and Security Update 2017-001 macOS Sierra, which address the KRACK security exploit.

KRACK is a vulnerability in the WPA2 encryption standard for Wi-Fi networks that lets attackers decrypt the data passing to and from a specific device. The vulnerability exists in most any device capable of using WPA2 on Wi-Fi networks, and once it was publicly disclosed, product manufacturers started scrambling to release patches.

(more…)

Apple releases macOS High Sierra 10.13.1 update

Posted by:
Date: Wednesday, November 1st, 2017, 03:46
Category: Bluetooth, High Sierra, macOS, News, Software

It’s not the heftiest update in the world, but it could be helpful. On Tuesday, Apple released its macOS High Sierra 10.13.1 update.

The update adds the following fixes and changes:

– Fixes a bug where Bluetooth appeared as unavailable during Apple Pay transactions.

– Improves the reliability of Microsoft Exchange message sync in Mail.

– Fixes an issue where Spotlight does not accept keyboard input.

– Improves the reliability of SMB printing.

– Makes Touch ID preferences accessible while logged in as a mobile account on MacBook Pro with Touch Bar.

– Adds support for unlocking a FileVault-encrypted APFS volume using a recovery keychain file. For details, enter man diskutil in Terminal.

As always, the update can be found via the App Store under the “Updates” tab. If you’ve had a chance to try the macOS High Sierra 10.13.1 update and have any feedback to offer, please let us know about your experience in the comments.