MOTUNATION (formerly UnicorNation) is an independent community for discussing Digital Performer and other MOTU audio software and hardware. It is not affiliated with MOTU.
billf wrote:
Officially Apple knows about this issue. Officially they have NOT recommended users of Mavericks and earlier OSX versions that they need to upgrade immediately to Yosemite. That is the official stance at this moment.
Can you provide a link?
Regarding your title "upgrade or be hacked," do you have any documentation that this has happened?
I never heard that serious hacks were ever announced. Usually the system is hacked first and it becomes known only after the malware does something stupid. And when it happens the documentation is written and the flaw gets fixed. In other words, if you can find the documentation - nothing to worry about.
billf wrote:
Officially Apple knows about this issue. Officially they have NOT recommended users of Mavericks and earlier OSX versions that they need to upgrade immediately to Yosemite. That is the official stance at this moment.
Can you provide a link?
That's the point, Apple telling people to upgrade immediately to Yosemite does not exist. You are the only one telling us otherwise.
MacPro5,1 2012, six core 2 x 3.06, 10.12.5, Digital Performer 9.13, 40 gb ram, 828mkIII, 2408 mkII, MTP AV, Logic Pro X 10.3.1, Studio One v 3.2, Pro Tools 12.7.1
michkhol wrote:
A trojan looking like a video converter for instance (and performing as such), may install a bot that would send spam using your address book. It will install a system daemon without asking for the root password. You will never know it until the victims (who may be your dear friends) get infected by opening the trusted email from you.
Wouldn't a utility like Little Snitch prevent this?
billf wrote:
That's the point, Apple telling people to upgrade immediately to Yosemite does not exist. You are the only one telling us otherwise.
This is a strange logic. Apple not telling people to upgrade immediately does not mean it "officially does NOT recommend it". Here is the link where there is a full description of the flaw for any hacker on Earth and where Apple unofficially refuses to patch older OSes. Make your own conclusions.
No surprise from Apple, I'm officially standing down on this. 10.10.3 appears to be vulnerable all the same, but now with a published way to do this for anyone.
Physical access or previously granted remote access to the target machine is required in order for the vulnerability to be exploited.
I never said or implied that this vulnerability can be exploited remotely. Only if you install a malicious program yourself.