Archive for January 2, 2018

New macOS Zero Day Security Flaw Has Been Around For 15 YEARS

Posted in Commentary with tags on January 2, 2018 by itnerd

Apple has started off 2018 the way it ended 2017. By that I mean that a embarrassing zero day security issue has been found that could lead to pwnage. Here’s the kicker, according to this, it may have been around for as long as 15 years:

A security researcher calling themselves “hobbyist hacker” released a zero day macOS vulnerability that they suggest is “at least” 15 years old. The unpatched flaw can enable an unprivileged user to take control of the system if they have physical access to the system to execute arbitrary code and get root permissions.

That’s not good. But the fact that they need physical access to the system is the only good news because it means that as long as you have physical control of your Mac, you can’t get pwned. Another thing that may make you breathe a sigh or relief is that the exploit requires the Mac to be logged out and rebooted. Thus if your machine randomly does that, you’d know about it and at that point maybe pull the plug on it or something.

But the bad news is that this perhaps illustrates that Apple’s ability, or lack thereof, to secure its desktop/laptop OS is not new and goes back years. At this point, we should all be suspicious of the quality of the code that Apple writes because it is increasingly clear that it is problematic. If Apple were smart, they’d come out and say that they are going to fully review their code and address whatever issues they find promptly. But I suspect that won’t happen. After all, we’re supposed to trust that “it just works”, right?

Advertisements

Do You Think That Apple’s Handling Of “BatteryGate” Is Sufficient? [POLL]

Posted in Commentary with tags on January 2, 2018 by itnerd