Normally, I don’t suggest that you should rush out and install the latest updates of anything. Instead I tend to suggest that you wait a day or so to see if anything bad happens. Today I am going to advise that you should rush out and install iOS 11.1, tvOS 11.1, macOS 10.13.1, and watchOS 4.1 for two reasons.
The first reason is that all these updates have a fix for the rather serious KRACK vulnerability where hackers could exploit a flaw in the WPA2 protocol to decrypt network traffic to sniff out sensitive information like passwords. That’s a very good reason to run and install this update.
The second reason is specific to macOS 10.13 users and can be found in the security information document that Apple put out when the update was released:
APFS
Available for: macOS High Sierra 10.13
Impact: A malicious Thunderbolt adapter may be able to recover unencrypted APFS filesystem data
Description: An issue existed in the handling of DMA. This issue was addressed by limiting the time the FileVault decryption buffers are DMA mapped to the duration of the I/O operation.
CVE-2017-13786: an anonymous researcher
This kind of sounds like the Thunderstrike vulnerability from a while back. Seeing as APFS is a brand new filesystem for Apple, one has to wonder what else is out there in terms of security issues. Thus, this is another good reason to update away.
I’ll be doing updates of all my iDevices today and if I trip over anything interesting, I’ll post an update here.
Like this:
Like Loading...
Related
This entry was posted on October 31, 2017 at 1:59 pm and is filed under Commentary with tags Apple. You can follow any responses to this entry through the RSS 2.0 feed.
You can leave a response, or trackback from your own site.
Here’s Why You Need To IMMEDIATELY Install All The Apple Updates That Were Released Today
Normally, I don’t suggest that you should rush out and install the latest updates of anything. Instead I tend to suggest that you wait a day or so to see if anything bad happens. Today I am going to advise that you should rush out and install iOS 11.1, tvOS 11.1, macOS 10.13.1, and watchOS 4.1 for two reasons.
The first reason is that all these updates have a fix for the rather serious KRACK vulnerability where hackers could exploit a flaw in the WPA2 protocol to decrypt network traffic to sniff out sensitive information like passwords. That’s a very good reason to run and install this update.
The second reason is specific to macOS 10.13 users and can be found in the security information document that Apple put out when the update was released:
APFS
Available for: macOS High Sierra 10.13
Impact: A malicious Thunderbolt adapter may be able to recover unencrypted APFS filesystem data
Description: An issue existed in the handling of DMA. This issue was addressed by limiting the time the FileVault decryption buffers are DMA mapped to the duration of the I/O operation.
CVE-2017-13786: an anonymous researcher
This kind of sounds like the Thunderstrike vulnerability from a while back. Seeing as APFS is a brand new filesystem for Apple, one has to wonder what else is out there in terms of security issues. Thus, this is another good reason to update away.
I’ll be doing updates of all my iDevices today and if I trip over anything interesting, I’ll post an update here.
Share this:
Like this:
Related
This entry was posted on October 31, 2017 at 1:59 pm and is filed under Commentary with tags Apple. You can follow any responses to this entry through the RSS 2.0 feed. You can leave a response, or trackback from your own site.