Slashdot Mirror

← Back to Stories (view on slashdot.org)

Apple Issues Security Updates for MacOS, iOS, TvOS, WatchOS, and Safari (bleepingcomputer.com)

Posted by msmash on from the tightening-things dept.

Catalin Cimpanu, writing for BleepingComputer: Over the course of the last four days, Apple has released updates to address security issues for several products, such as macOS High Sierra, Safari, watchOS, tvOS, and iOS. The most relevant security update is the one to macOS, as it also permanently fixes the bug that allowed attackers to access macOS root accounts without having to type a password. Apple issued a patch for the bug the next day after it was discovered, but because the patch was delivered as an out-of-band update that did not alter the macOS version number, when users from older macOS versions updated to 10.13.1 (the vulnerable version), the bug was still present. With today's update, the patch for the bug -- now known as "IAmRoot" (CVE-2017-13872) -- has received a permanent fix. All users who upgrade to macOS High Sierra 10.13.2 are safe.

16 of 30 comments (clear)

  1. Wait, what? by DontBeAMoran · · Score: 1

    With today's update, the patch for the bug -- now known as "IAmGroot" (CVE-2017-13872) -- has received a permanent fix.

    --
    #DeleteFacebook
    1. Re:Wait, what? by DontBeAMoran · · Score: 1

      Damn, I was hoping to get a "Thank you Ted, that was the joke."

      --
      #DeleteFacebook
  2. Re:Dell by arth1 · · Score: 1

    How come the Dell security updates aren't announced here too? More people use Dell than Apple.

    Have you submitted any story on Dell security updates here?

  3. Too late if you activated Apple Pay by WillAffleckUW · · Score: 1

    Think about it.

    They got your credit/debit cards.

    Yup.

    --
    -- Tigger warning: This post may contain tiggers! --
    1. Re:Too late if you activated Apple Pay by AHuxley · · Score: 1

      Always use a gift card for software, music, movies. Who would risk having their CC with a computer company long term?

      --
      Domestic spying is now "Benign Information Gathering"
    2. Re:Too late if you activated Apple Pay by Anonymous Coward · · Score: 1

      >Apple Pay

      Oh, I remember that. That was that thing for idiots who were convinced it was easier to carry around a 6 ounce, $1000 phone than a free 10 gram debit card because "tapping" was somehow infinitely less physically exhausting than "swiping".

      So how's that working out for them?

    3. Re:Too late if you activated Apple Pay by WillAffleckUW · · Score: 1

      >Apple Pay

      Oh, I remember that. That was that thing for idiots who were convinced it was easier to carry around a 6 ounce, $1000 phone than a free 10 gram debit card because "tapping" was somehow infinitely less physically exhausting than "swiping".

      So how's that working out for them?

      Not sure, but they bundled it into the latest iOS 11.2 iPhone update.

      --
      -- Tigger warning: This post may contain tiggers! --
    4. Re:Too late if you activated Apple Pay by Jeremi · · Score: 1

      Oh, I remember that. That was that thing for idiots who were convinced it was easier to carry around a 6 ounce, $1000 phone than a free 10 gram debit card because "tapping" was somehow infinitely less physically exhausting than "swiping".

      It is a bit easier to to "tap" using the cell phone that's already in your hand (because of course it is) than to dig out your wallet, then dig the credit card out of the wallet, then swipe, then (sometimes) sign your name on the little slip of paper, then put it all away again.

      But that's not the real advantage of Apple Pay over a credit card -- the real advantage is that it's less vulnerable to replay attacks. WIth swiping a debit/credit card, anytime you make a purchase, you've given the seller all the information necessary to make more purchases on your account, whenever he/she wants to.

      As for carrying around a 6 ounce, $1000 phone -- you're doing that anyway (except maybe for the $1000 part), so why not take advantage of it?

      --


      I don't care if it's 90,000 hectares. That lake was not my doing.
    5. Re:Too late if you activated Apple Pay by tsa · · Score: 1

      Yeah, it's a nice example of obsolete before on the market.

      --

      -- Cheers!

    6. Re:Too late if you activated Apple Pay by Merk42 · · Score: 1

      If your shopping and your cell phone is already in your hand then you have other problems.

      Most people shop with their phone, on a website (or App)

  4. Re:Still on 10.12.6 by Anonymous Coward · · Score: 1

    Nice they at least give you a choice to update macOS and iOS - even though it nags.

    Unlike all those Android updates from carriers. What a pain those are.

  5. Apple fuck-nuggets broke the boot process AGAIN by Windrip · · Score: 2

    Try to avoid this update if possible.
    The previous High Sierra update failed when trying to start the window manager. I was able to recover by starting in single user mode and immediately exiting, which started the window manager.
    With this update, the Apple fuck-nuggets have broken that work-around.
    I have a macbook pro w/ 15" screen for sale.

    1. Re:Apple fuck-nuggets broke the boot process AGAIN by Windrip · · Score: 1

      I got the bitch back on the air. Reinstalled via ctrl/apple/r (?) which still failed to start the *cough* window *cough* manager, but at least the single-user + exit technique still worked.

      I still think these developers need a taste of the triple lashed whip

  6. Re:Still on 10.12.6 by AHuxley · · Score: 1

    Wait for the pushed security upgrade from macOS to iOS.

    --
    Domestic spying is now "Benign Information Gathering"
  7. Re:Dell by davester666 · · Score: 1

    Dell doesn't patch their bugs. They just sell upgrades.

    --
    Sleep your way to a whiter smile...date a dentist!
  8. Re:Dell by Aaden42 · · Score: 1

    Does this count?

    Dell begins offering laptops with Intel's management engine disabled