Has macOS Sierra 10.12.4 Update Fixed ANOTHER FileVault Vulnerability?

That’s the question that I am asking as at the moment, I am reading the release notes and more importantly the security information that is in the macOS Sierra 10.12.4 update that was released a couple of hours ago. In the security information, I noted this:



Available for: macOS Sierra 10.12.3

Impact: A malicious Thunderbolt adapter may be able to recover the FileVault 2 encryption password

Description: An issue existed in the handling of DMA. This issue was addressed by enabling VT-d in EFI.

CVE-2016-7585: Ulf Frisk (@UlfFrisk)


The thing is that the Ulf Frisk that is mentioned in this document is the same guy who a few months ago reported this exact attack scenario to the world and it was thought to have been fixed by Apple in the macOS 10.12.3 update from a few months ago. But perhaps not as we have a mention of it here in the 10.12.4 update that was released today. Or perhaps this is a different variant of the same issue that has been fixed. It’s impossible to tell as Apple didn’t spill the beans the last time this issue popped up. And I seriously doubt that if you ask them, that they’ll spill the beans now. Thus this question will likely hang out there like a hanging chad in a Florida election.




Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google+ photo

You are commenting using your Google+ account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )


Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

%d bloggers like this: