Yosemite and Rootpipe

Macintosh software/hardware discussion and troubleshooting

Moderator: James Steele

michkhol
Posts: 691
Joined: Tue Oct 24, 2006 8:06 am
Primary DAW OS: MacOS
Location: MD, USA

Re: Yosemite is the only way (upgrade or be hacked)

Post by michkhol »

billf wrote:
Officially Apple knows about this issue. Officially they have NOT recommended users of Mavericks and earlier OSX versions that they need to upgrade immediately to Yosemite. That is the official stance at this moment.
Can you provide a link?
Regarding your title "upgrade or be hacked," do you have any documentation that this has happened?
I never heard that serious hacks were ever announced. Usually the system is hacked first and it becomes known only after the malware does something stupid. And when it happens the documentation is written and the flaw gets fixed. In other words, if you can find the documentation - nothing to worry about.
MacPro, 32 GB RAM, Metric Halo ULN8
macOS 13.6.3, DP 11.3
User avatar
billf
Posts: 3662
Joined: Sat Jan 22, 2005 10:01 pm
Primary DAW OS: MacOS
Location: Home

Re: Yosemite is the only way (upgrade or be hacked)

Post by billf »

michkhol wrote:
billf wrote:
Officially Apple knows about this issue. Officially they have NOT recommended users of Mavericks and earlier OSX versions that they need to upgrade immediately to Yosemite. That is the official stance at this moment.
Can you provide a link?
That's the point, Apple telling people to upgrade immediately to Yosemite does not exist. You are the only one telling us otherwise.
MacPro5,1 2012, six core 2 x 3.06, 10.12.5, Digital Performer 9.13, 40 gb ram, 828mkIII, 2408 mkII, MTP AV, Logic Pro X 10.3.1, Studio One v 3.2, Pro Tools 12.7.1
User avatar
cuttime
Posts: 4291
Joined: Sun May 15, 2005 10:01 pm
Primary DAW OS: MacOS

Re: Yosemite is the only way (upgrade or be hacked)

Post by cuttime »

michkhol wrote: A trojan looking like a video converter for instance (and performing as such), may install a bot that would send spam using your address book. It will install a system daemon without asking for the root password. You will never know it until the victims (who may be your dear friends) get infected by opening the trusted email from you.
Wouldn't a utility like Little Snitch prevent this?
828x MacOS 13.6.5 M1 Studio Max 1TB 64G DP11.31
michkhol
Posts: 691
Joined: Tue Oct 24, 2006 8:06 am
Primary DAW OS: MacOS
Location: MD, USA

Re: Yosemite is the only way (upgrade or be hacked)

Post by michkhol »

billf wrote: That's the point, Apple telling people to upgrade immediately to Yosemite does not exist. You are the only one telling us otherwise.
This is a strange logic. Apple not telling people to upgrade immediately does not mean it "officially does NOT recommend it". Here is the link where there is a full description of the flaw for any hacker on Earth and where Apple unofficially refuses to patch older OSes. Make your own conclusions.

https://truesecdev.wordpress.com/2015/0 ... pple-os-x/
MacPro, 32 GB RAM, Metric Halo ULN8
macOS 13.6.3, DP 11.3
User avatar
mikehalloran
Posts: 15132
Joined: Sun Jan 25, 2009 5:08 pm
Primary DAW OS: MacOS
Location: Sillie Con Valley

Re: Yosemite is the only way (upgrade or be hacked)

Post by mikehalloran »

This is a strange logic.
Agreed but not the way you think.
Make your own conclusions.
Already done. I'm ignoring the rest of this nonsense.
DP 11.31; 828mkII FW, micro lite, M4, MTP/AV USB Firmware 2.0.1
2023 Mac Studio M2 8TB, 192GB RAM, OS Sonoma 14.4, USB4 8TB external, M-Audio AIR 192|14, Mackie ProFxv3 6/10/12; 2012 MBPs Catalina, Mojave
IK-NI-Izotope-PSP-Garritan-Antares, LogicPro X, Finale 27.4, Dorico 5.2, Notion 6, Overture 5, TwistedWave, DSP-Q 5, SmartScore64 Pro, Toast 20 Pro
User avatar
HCMarkus
Posts: 9712
Joined: Tue Jan 10, 2006 9:01 am
Primary DAW OS: MacOS
Location: Rancho Bohemia, California
Contact:

Re: Yosemite is the only way (upgrade or be hacked)

Post by HCMarkus »

The Only Way?

http://www.macrumors.com/2015/04/21/sec ... -rootpipe/

Not yet, apparently. :lol:

Regardless, call me Alfred (as in "What, me worry?") on this one.
Physical access or previously granted remote access to the target machine is required in order for the vulnerability to be exploited.
michkhol
Posts: 691
Joined: Tue Oct 24, 2006 8:06 am
Primary DAW OS: MacOS
Location: MD, USA

Re: Yosemite is the only way (upgrade or be hacked)

Post by michkhol »

HCMarkus wrote:The Only Way?

http://www.macrumors.com/2015/04/21/sec ... -rootpipe/

Not yet, apparently. :lol:
No surprise from Apple, I'm officially standing down on this. 10.10.3 appears to be vulnerable all the same, but now with a published way to do this for anyone.
Physical access or previously granted remote access to the target machine is required in order for the vulnerability to be exploited.
I never said or implied that this vulnerability can be exploited remotely. Only if you install a malicious program yourself.
MacPro, 32 GB RAM, Metric Halo ULN8
macOS 13.6.3, DP 11.3
User avatar
Gravity Jim
Posts: 2005
Joined: Wed Apr 30, 2008 2:55 am
Primary DAW OS: MacOS
Location: Santa Rosa, CA

Re: Yosemite is the only way (upgrade or be hacked)

Post by Gravity Jim »

michkhol wrote:We cannot know if it happened yet because it is so far undetectable. And Apple is known to be notoriously slow in patching its flaws.
Now I know you're trolling. Apple is not "notoriously slow in patching its flaws."
Jim Bordner

MacPro 5,1 (3.33Ghz 12-core), 32g RAM, OS X 10.14.6 • MOTU DP 10.11 • Logic Pro X 10.2.5 • Waves Platinum, UAD-2, Slate Digital, Komplete, Omnisphere 2, LASS, CineSamples, Chipsounds, V Collection 5[color]
User avatar
bayswater
Posts: 11923
Joined: Fri Feb 16, 2007 9:06 pm
Primary DAW OS: MacOS
Location: Vancouver

Re: Yosemite is the only way (upgrade or be hacked)

Post by bayswater »

michkhol wrote:Only if you install a malicious program yourself.
That's a relief. I'll stop installing malicious programs.
2018 Mini i7 32G 10.14.6, DP 11.3, Mixbus 9, Logic 10.5, Scarlett 18i8
michkhol
Posts: 691
Joined: Tue Oct 24, 2006 8:06 am
Primary DAW OS: MacOS
Location: MD, USA

Re: Yosemite is the only way (upgrade or be hacked)

Post by michkhol »

Gravity Jim wrote:
michkhol wrote:We cannot know if it happened yet because it is so far undetectable. And Apple is known to be notoriously slow in patching its flaws.
Now I know you're trolling. Apple is not "notoriously slow in patching its flaws."
As you can see, Apple still has not patched this 4 year-old one. Anyway this is a fruitless discussion and I will stop here.
MacPro, 32 GB RAM, Metric Halo ULN8
macOS 13.6.3, DP 11.3
User avatar
Gravity Jim
Posts: 2005
Joined: Wed Apr 30, 2008 2:55 am
Primary DAW OS: MacOS
Location: Santa Rosa, CA

Re: Yosemite and Rootpipe

Post by Gravity Jim »

A welcome announcement.
Jim Bordner

MacPro 5,1 (3.33Ghz 12-core), 32g RAM, OS X 10.14.6 • MOTU DP 10.11 • Logic Pro X 10.2.5 • Waves Platinum, UAD-2, Slate Digital, Komplete, Omnisphere 2, LASS, CineSamples, Chipsounds, V Collection 5[color]
Post Reply