Install macOS 10.12.2 ASAP for security

“While some MacBook Pro owners claim macOS 10.12.2 improves battery life, there’s a more important reason to update to the latest version of Apple’s computer operating system: protecting your passwords,” Henry T. Casey reports for Laptop Magazine. “That’s because a Swedish hacker made a device that steals passwords off a Mac just by connecting a cable — unless the latest update is installed.”

“Swedish hacker Ulf Frisk demonstrated his trick in a blog post yesterday (Dec. 15). By simply connecting a device running his PCILeech software to a MacBook Air’s Thunderbolt port, then forcing a reboot, you can gain the system’s password in less than 30 seconds,” Casey writes. “With that password comes access to FileVault, the encryption software that protects the hard drive, so you’re essentially handing over even a well-protected Mac.”

Casey writes, “Frisk says Apple’s latest patches, released Wednesday (Dec. 14) will secure your Mac from this attack.”

Read more in the full article here.

MacDailyNews Take:

23 Comments

      1. Although it sounds like it is related to the use of Safari, that isn’t so. I have rebooted and NOT used Safari, and it still pops up. There don’t seem to be answers anywhere for this.
        I am using macOS Sierra Version 10.12.2 Beta [16C63a)

        1. Actually in most versions of Safari the option to “Reset Safari” is in the Safari menu at the top of the screen. Apple recently renamed the menu item to “Clear History” and removed the ability to specify what to reset/clear. You could clear cookies, history, etc. but also preview images, location info, website icons, passwords, autofill info, etc.

          You’ll have to search how to reset it now. I don’t know all all of the steps.

          From a quick search for the old method:

          ?version=1&modificationDate=1346010131000&api=v2

          1. Chrome as a “secure” browser option? Ahh, that’s the same company that was once caught dragging for & capturing wifi passwords from they’re mapping cars. There’s a couple of other curious things they’ve been known to do. I guess I’m paranoid.

        1. not Chrome.

          Go Firefox (Gecko rendering) or Opera (WebKit).

          With Firefox, memory usage is actually very good. You may want/need to deploy a few plugins and tweak some settings for max performance. But if you know how to do that, nothing else is as versatile and personalized.

          Opera uses the Chrome rendering engine. It’s as fast as Chrome, though a bit power hungry, like Chrome.

          All the others are essentially just styling differences on WebKit. The minor differences in out-of-the-box speed are largely irrelevant, expecially if you employ performance enhancements like a wired ethernet, an enhanced firewall, or an adblocker that eliminates the most aggregious affronts to human intelligence.

          Special mention needs to be given to iCab, which allows PowerPC Mac users the ability to have a modern browser.

    1. Yeah, this has been happening to me ever since I updated to 10.12.2. Sometimes when nothing but the Finder is running, supposedly. Of course, the stability and utility of the Finder is another can of worms….

  1. We are Windows now. What ever happened to “Macs are safe from attack.” I’ll answer that question: Tim Cook is what happened. While he was focused on phones and watches, the once great computer company became an ordinary company – just like the hated MSoft. Now we are the same.

    1. A big LOL. Yes, needing a custom piece of hardware and physical access to the computer is no different than windows long history of being the easiest, next to Android, system to compromise the world has ever seen.

    2. Unless you are using FileVaunt and Password protecting your Firmware you mac is only as safe as you are..

      leave it on a desk, and I could walk up boot to single user or efi and steal all your data, without knowing your password..
      Plus install whatever the hell back doors I want..
      macs are only as secure as the person using them.

    3. No, stupid fake ‘Jay Morrison’ anonymous coward whoever you really are. File Vault is from the STEVE JOBS days and has had this particular vulnerability from before he ascended. Did I point out that you’re stupid?

      Propaganda these days is prolific. It is also the most nonsensical it has ever been. A litmus test a day for stupid. That’s what we’ve got going on.

Reader Feedback

This site uses Akismet to reduce spam. Learn how your comment data is processed.