“Apple yesterday issued an emergency security update for the Mac, patching the same trio of vulnerabilities the company fixed last week on the iPhone,” Gregg Keizer reports for Computerworld. “According to one of the groups that first revealed the flaws, the vulnerabilities could have been ‘weaponized’ for use against OS X, the Mac’s operating system.”
“The out-of-band update was aimed at OS X El Capitan (aka 10.11) and Yosemite (10.10), the 2015 and 2014 editions, respectively,” Keizer reports. “According to reports from researchers at mobile security vendor Lookout and the Citizen Lab at the University of Toronto, the trio of bugs were used to spy on an activist in the United Arab Emirates by turning his iPhone into a surveillance tool.”
Keizer reports, “Prior to the disclosure last week, the vulnerabilities, pegged as ‘Trident’ by Citizen Labs, were ‘zero-days,’ or unknown to Apple, and so extremely valuable on the black market.”
Read more in the full article here.
MacDailyNews Take: Today, the Apple ecosystem is even safer! If you haven’t updated your Mac with Security Update 2016-001 El Capitan or Security Update 2016-005 Yosemite, do so ASAP.
SEE ALSO:
iPhone users should update to iOS 9.3.5 immediately – August 26, 2016
Apple boosts iPhone security after Mideast spyware discovery; releases iOS 9.3.5 – August 25, 2016
Unfortunately – where there was three, there are more. Since they are so valuable and used by nation states, the fact they have been revealed, means they lost value and there’s something new under the hood to play with.
That’s what sucks about modern tech. It’s a weaved net of code with a lot of holes.
So the patch isn’t helpful?
Patches very helpful. Just realization that it probably isn’t enough and we are still waiting for the next ball to drop.
You’d better go live in a cave with a tin foil hat then.
You are basically saying I am being overly paranoid. I am not talking about magic, mind reading or 5km meteors. I am simply pointing out the obvious.
Using a digital device to host your PI risking a privacy leak, is about the same as driving a car along a coastal highway risking bodily harm. The thing is we trust our PI to the cloud, which similar to parachuting out of a plane on a regular basis.
As our society matures we are taking greater risks, risks we no little about. Yet we are, as a whole, living longer and healthier because of those risks – at least in the short term. Go figure.
…which is similar… …risks we know little about…
The problem was also found in iOS …
http://fortune.com/2016/09/02/ios-security-mac/?iid=leftrail
That simply means it’s a core kernel level issue. Especially over most of our heads on a technical level.
Things won’t get better until we get computer AI to write code for us and at the same time perform predictive modeling to look for vulnerabilities and patch at point of compile. Or our next operating system won’t be compiled as it’s written in binary from the start. No more buffer overruns.
If AI is ever able to write code, which is doubtful, it is likely to be full of more holes than human written code. AI, if it ever arrives, will have the same muddy thinking humans do, only more so. Try getting a definitive answer from Siri to a complex question.
We could have fun with that concept. Taking your thoughts to the next level having AI write television scripts.
Because we live in a happy delusional bubble, we tend not to realize that iOS and OSX have TONS of exploits. In fact, in 2015, macOS and iOS had the most exploits discovered, next to FLASH.
If you keep track of exploits it can be rather disheartening.
The price of being popular and the tools of elite persons in society. Huge target on your back.
Reference for fact checking, please.
Vulnerabilities yes, exploitable vulnerabilities, NO! Nowhere near “TONS of exploits” as you claim. I other words you lie by distorting “vulnerabilities” and claiming they were actual “exploited,” when they were not. There is a huge difference.
A vulnerability that is reported but not exploited before it was patched, and no exploit for it is ever developed to use that vulnerability is of no danger to anyone. A vulnerability is merely a potential for an exploit. It does NOT mean it was or even CAN be exploited, just that there is a possibility that it could be exploited if certain conditions are met. Sometimes those conditions cannot even BE met for other reason unrelated to what was found, but the vulnerability still exists in the software and should be fixed as a matter of course.
I don’t believe until the advent of AI can a system check itself or other coded systems against all possible attacks, which leads us neatly to the path of an impenetrable AI Skynet-esque tech enemy. 😉
So far no OS written by man has totally passed the security test, nor will it ever using current techniques. Solving this would be a great innovation.
I think that is a computer does that, it will realize that we are the security flaw. And it will get rid of us.
Hence the potential Skynet/Terminator connection and the fact it’d be right! 😉 Humans have always been their own worst enemies, nothing new there eh?
You guys are assuming that the computers can write code that humans can’t hack into.
What makes you think humans are inferior hackers than computers? Anybody successfully programmed a hacker?
Waiting for Sierra beta to be patched..didn’t see an update last night..
If you’re using the NVIDIA web drivers on 10.11.6, this latest security update will disable them. If you meet these criteria and you have work to do, disconnect from your network (for security) and wait until NVIDIA updates the web drivers.
I’m happy to report that new web driver version 346.03.15f03 was released late Friday or early Saturday, and I’m back up and running.
And it is not even Tuesday…
Apple of today is looking more like Ballmer’s Microsoft every day.
I don’t believe it. No one said that their Macs were more snappy…and it is on mine.