That’s the question that I am asking as at the moment, I am reading the release notes and more importantly the security information that is in the macOS Sierra 10.12.4 update that was released a couple of hours ago. In the security information, I noted this:
EFI
Available for: macOS Sierra 10.12.3
Impact: A malicious Thunderbolt adapter may be able to recover the FileVault 2 encryption password
Description: An issue existed in the handling of DMA. This issue was addressed by enabling VT-d in EFI.
CVE-2016-7585: Ulf Frisk (@UlfFrisk)
The thing is that the Ulf Frisk that is mentioned in this document is the same guy who a few months ago reported this exact attack scenario to the world and it was thought to have been fixed by Apple in the macOS 10.12.3 update from a few months ago. But perhaps not as we have a mention of it here in the 10.12.4 update that was released today. Or perhaps this is a different variant of the same issue that has been fixed. It’s impossible to tell as Apple didn’t spill the beans the last time this issue popped up. And I seriously doubt that if you ask them, that they’ll spill the beans now. Thus this question will likely hang out there like a hanging chad in a Florida election.
Like this:
Like Loading...
Related
This entry was posted on March 27, 2017 at 3:30 pm and is filed under Commentary with tags Apple. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Has macOS Sierra 10.12.4 Update Fixed ANOTHER FileVault Vulnerability?
That’s the question that I am asking as at the moment, I am reading the release notes and more importantly the security information that is in the macOS Sierra 10.12.4 update that was released a couple of hours ago. In the security information, I noted this:
EFI
Available for: macOS Sierra 10.12.3
Impact: A malicious Thunderbolt adapter may be able to recover the FileVault 2 encryption password
Description: An issue existed in the handling of DMA. This issue was addressed by enabling VT-d in EFI.
CVE-2016-7585: Ulf Frisk (@UlfFrisk)
The thing is that the Ulf Frisk that is mentioned in this document is the same guy who a few months ago reported this exact attack scenario to the world and it was thought to have been fixed by Apple in the macOS 10.12.3 update from a few months ago. But perhaps not as we have a mention of it here in the 10.12.4 update that was released today. Or perhaps this is a different variant of the same issue that has been fixed. It’s impossible to tell as Apple didn’t spill the beans the last time this issue popped up. And I seriously doubt that if you ask them, that they’ll spill the beans now. Thus this question will likely hang out there like a hanging chad in a Florida election.
Share this:
Like this:
Related
This entry was posted on March 27, 2017 at 3:30 pm and is filed under Commentary with tags Apple. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.