Yosemite and Rootpipe
Moderator: James Steele
OS X users are urged to upgrade to Yosemite version 10.10.3 as soon as possible. Apple will not patch versions older than 10.10, reportedly due to the complexity of the fix.
http://appleinsider.com/articles/15/04/ ... -mavericks
NOTE: changed the subject since the original one is no longer relevant, the vulnerability is still there.
Last edited by michkhol on Tue Apr 21, 2015 11:17 am, edited 2 times in total.
MacPro, 32 GB RAM, Metric Halo ULN8
macOS 13.6.3, DP 11.3
Re: Yosemite is the only way (upgrade or be hacked)
What? Apple can't be bothered to fix a backdoor bug in anything other than Yosemite? There has to be more to this story.
MacPro5,1 2012, six core 2 x 3.06, 10.12.5, Digital Performer 9.13, 40 gb ram, 828mkIII, 2408 mkII, MTP AV, Logic Pro X 10.3.1, Studio One v 3.2, Pro Tools 12.7.1
- mikehalloran
- Posts: 15225
- Joined: Sun Jan 25, 2009 5:08 pm
- Primary DAW OS: MacOS
- Location: Sillie Con Valley
Re: Yosemite is the only way (upgrade or be hacked)
DP 11.31; 828mkII FW, micro lite, M4, MTP/AV USB Firmware 2.0.1
2023 Mac Studio M2 8TB, 192GB RAM, OS Sonoma 14.4.1, USB4 8TB external, M-Audio AIR 192|14, Mackie ProFxv3 6/10/12; 2012 MBPs Catalina, Mojave
IK-NI-Izotope-PSP-Garritan-Antares, LogicPro X, Finale 27.4, Dorico 5.2, Notion 6, Overture 5, TwistedWave, DSP-Q 5, SmartScore64 Pro, Toast 20 Pro
- HCMarkus
- Posts: 9750
- Joined: Tue Jan 10, 2006 9:01 am
- Primary DAW OS: MacOS
- Location: Rancho Bohemia, California
- Contact:
Re: Yosemite is the only way (upgrade or be hacked)
http://www.imore.com/apple-working-fix- ... isk-anyway
I'm not very concerned.
PS: No one operates my studio other than me and a few highly-trusted clients. Those who allow outside engineers may have good reason to be worried.
Re: Yosemite is the only way (upgrade or be hacked)
I'm concerned for two reasons.
1. I do remember DP had problems if run from a non-admin account. I do not know if it is the case anymore.
2. Any program that you install (legitimate or pretending to be as such) can use this exploit. The point is, you will never know.
MacPro, 32 GB RAM, Metric Halo ULN8
macOS 13.6.3, DP 11.3
- mikehalloran
- Posts: 15225
- Joined: Sun Jan 25, 2009 5:08 pm
- Primary DAW OS: MacOS
- Location: Sillie Con Valley
Re: Yosemite is the only way (upgrade or be hacked)
michkhol wrote: 2. Any program that you install (legitimate or pretending to be as such) can use this exploit. The point is, you will never know.
Nothing I have read or experienced has confirmed that. Besides, malware does not need root access to screw up your Mac.
I can gain root access to any Mac as long as a) I am seated at the keyboard b) I have a few hours and c) I have a reason to do so. It's not hard and the procedure is well documented in Apple Support. OS doesn't matter and it has nothing to do with either of the security issues. Anyone who knows how can do it. Were it not possible, certain problems can not be fixed and problem Macs would become doorstops instead of repairable.
What I cannot do – or rather, it would be very difficult to do – is perform the task so that no one would notice. Once done, it takes time to put Humpty back together again. The only way to do it seamlessly is through an Admin account where I have the password. Otherwise, anyone looking for a culprit or hack will find it easily.
Having said this, if I am sitting at a Mac that isn't mine for a few hours, I am doing repairs, updates or both. Of the 30+ Macs that I service and maintain, I have an Admin account on each of them but no remote access -- not interested.
DP 11.31; 828mkII FW, micro lite, M4, MTP/AV USB Firmware 2.0.1
2023 Mac Studio M2 8TB, 192GB RAM, OS Sonoma 14.4.1, USB4 8TB external, M-Audio AIR 192|14, Mackie ProFxv3 6/10/12; 2012 MBPs Catalina, Mojave
IK-NI-Izotope-PSP-Garritan-Antares, LogicPro X, Finale 27.4, Dorico 5.2, Notion 6, Overture 5, TwistedWave, DSP-Q 5, SmartScore64 Pro, Toast 20 Pro
Re: Yosemite is the only way (upgrade or be hacked)
michkhol wrote:
I'm concerned for two reasons.
1. I do remember DP had problems if run from a non-admin account. I do not know if it is the case anymore.
2. Any program that you install (legitimate or pretending to be as such) can use this exploit. The point is, you will never know.

The one researcher claims that Apple will not update this. However, if you file a bug report (I did), Apple does respond saying they are looking into it.
MacPro5,1 2012, six core 2 x 3.06, 10.12.5, Digital Performer 9.13, 40 gb ram, 828mkIII, 2408 mkII, MTP AV, Logic Pro X 10.3.1, Studio One v 3.2, Pro Tools 12.7.1
Re: Yosemite is the only way (upgrade or be hacked)
mikehalloran wrote: Besides, malware does not need root access to screw up your Mac.
I'm not talking about your Mac, the picture is bigger:
A trojan looking like a video converter for instance (and performing as such), may install a bot that would send spam using your address book. It will install a system daemon without asking for the root password. You will never know it until the victims (who may be your dear friends) get infected by opening the trusted email from you.
Last edited by michkhol on Mon Apr 20, 2015 11:57 am, edited 1 time in total.
MacPro, 32 GB RAM, Metric Halo ULN8
macOS 13.6.3, DP 11.3
Re: Yosemite is the only way (upgrade or be hacked)
billf wrote: The one researcher claims that Apple will not update this. However, if you file a bug report (I did), Apple does respond saying they are looking into it.
The flaw's detailed description is in the open. While Apple is looking, you are vulnerable if you are on OS X 10.7 - 10.9 and using an admin account for regular work.
MacPro, 32 GB RAM, Metric Halo ULN8
macOS 13.6.3, DP 11.3
Re: Yosemite is the only way (upgrade or be hacked)
michkhol wrote: The flaw's detailed description is in the open. While Apple is looking, you are vulnerable if you are on OS X 10.7 - 10.9 and using an admin account for regular work.
For those who cannot upgrade to Yosemite, the way to file a bug report is here:
https://www.apple.com/feedback/macosx.html
Be sure to reference this blog post in your report:
https://truesecdev.wordpress.com/2015/0 ... /#comments
MacPro5,1 2012, six core 2 x 3.06, 10.12.5, Digital Performer 9.13, 40 gb ram, 828mkIII, 2408 mkII, MTP AV, Logic Pro X 10.3.1, Studio One v 3.2, Pro Tools 12.7.1
Re: Yosemite is the only way (upgrade or be hacked)
There's a hell of a lot of Apple haters just itching to find even one example of something like this actually affecting a single Mac user. And the silence is deafening! There are millions of Macs running older OSes out there, I've been waiting to eat my hat for decades now but it's still in one piece. That doesn't mean that you can go to a porn site and download a random installer and smugly congratulate yourself on being free from danger because you're running a Mac, what it means is that as long as you use a modicum of common sense the sky will continue to fall on Windows users and you can sleep easy.
27" iMac, MOTU 828mk2, 10.6, DP7, Melodyne etc, etc.
- Gravity Jim
- Posts: 2005
- Joined: Wed Apr 30, 2008 2:55 am
- Primary DAW OS: MacOS
- Location: Santa Rosa, CA
Re: Yosemite is the only way (upgrade or be hacked)
Lighten up, Francis.
Jim Bordner
MacPro 5,1 (3.33Ghz 12-core), 32g RAM, OS X 10.14.6 • MOTU DP 10.11 • Logic Pro X 10.2.5 • Waves Platinum, UAD-2, Slate Digital, Komplete, Omnisphere 2, LASS, CineSamples, Chipsounds, V Collection 5
- mikehalloran
- Posts: 15225
- Joined: Sun Jan 25, 2009 5:08 pm
- Primary DAW OS: MacOS
- Location: Sillie Con Valley
Re: Yosemite is the only way (upgrade or be hacked)
michkhol wrote:
mikehalloran wrote: Besides, malware does not need root access to screw up your Mac.
I'm not talking about your Mac, the picture is bigger:
A trojan looking like a video converter for instance (and performing as such), may install a bot that would send spam using your address book. It will install a system daemon without asking for the root password. You will never know it until the victims (who may be your dear friends) get infected by opening the trusted email from you.

So... you really think that someone is going to write malware that exploits the root level on OS 10.7-9 without Apple figuring out a defense. Mind you, this was first made public in January and it hasn't happened yet.
Or, since this security flaw has been exposed, do you think that the anti-virus vendors will be unsuccessful in patching their programs first? Do understand, these are the guys who stand to realize monetary gain when one researcher tells us that the sky is falling.
DP 11.31; 828mkII FW, micro lite, M4, MTP/AV USB Firmware 2.0.1
2023 Mac Studio M2 8TB, 192GB RAM, OS Sonoma 14.4.1, USB4 8TB external, M-Audio AIR 192|14, Mackie ProFxv3 6/10/12; 2012 MBPs Catalina, Mojave
IK-NI-Izotope-PSP-Garritan-Antares, LogicPro X, Finale 27.4, Dorico 5.2, Notion 6, Overture 5, TwistedWave, DSP-Q 5, SmartScore64 Pro, Toast 20 Pro
Re: Yosemite is the only way (upgrade or be hacked)
michkhol wrote:
billf wrote: The one researcher claims that Apple will not update this. However, if you file a bug report (I did), Apple does respond saying they are looking into it.
The flaw's detailed description is in the open. While Apple is looking, you are vulnerable if you are on OS X 10.7 - 10.9 and using an admin account for regular work.

Officially Apple knows about this issue. Officially they have NOT recommended users of Mavericks and earlier OSX versions that they need to upgrade immediately to Yosemite. That is the official stance at this moment.
Regarding your title "upgrade or be hacked," do you have any documentation that this has happened?
Be vigilant about your system, but let's be careful about the potential to spread FUD and panic.
BTW, Apple does things like this as well, which most of us never notice:
http://www.thesafemac.com/apple-cracks-down-on-adware/
MacPro5,1 2012, six core 2 x 3.06, 10.12.5, Digital Performer 9.13, 40 gb ram, 828mkIII, 2408 mkII, MTP AV, Logic Pro X 10.3.1, Studio One v 3.2, Pro Tools 12.7.1
Re: Yosemite is the only way (upgrade or be hacked)
mikehalloran wrote: So... you really think that someone is going to write malware that exploits the root level on OS 10.7-9 without Apple figuring out a defense. Mind you, this was first made public in January and it hasn't happened yet.
The problem is that we don't know. We don't know if Apple comes up with a defense for older OSes. The bots are essentially sleeping cells until they are activated. Having root access, a bot can operate completely unnoticed and erase all traces. We cannot know if it happened yet because it is so far undetectable. And Apple is known to be notoriously slow in patching its flaws.
Last edited by michkhol on Mon Apr 20, 2015 7:17 pm, edited 1 time in total.
MacPro, 32 GB RAM, Metric Halo ULN8
macOS 13.6.3, DP 11.3