MOTUnation.com

MOTUNATION (formerly UnicorNation) is an independent community for discussing Digital Performer and other MOTU audio software and hardware. It is not affiliated with MOTU.
https://www.motunation.com/forum/

Yosemite and Rootpipe

https://www.motunation.com/forum/viewtopic.php?t=59659

Page 2 of 2

Re: Yosemite is the only way (upgrade or be hacked)

Posted: Mon Apr 20, 2015 7:14 pm
by michkhol
billf wrote:
Officially Apple knows about this issue. Officially they have NOT recommended users of Mavericks and earlier OSX versions that they need to upgrade immediately to Yosemite. That is the official stance at this moment.
Can you provide a link?
Regarding your title "upgrade or be hacked," do you have any documentation that this has happened?
I never heard that serious hacks were ever announced. Usually the system is hacked first and it becomes known only after the malware does something stupid. And when it happens the documentation is written and the flaw gets fixed. In other words, if you can find the documentation - nothing to worry about.

Re: Yosemite is the only way (upgrade or be hacked)

Posted: Mon Apr 20, 2015 7:30 pm
by billf
michkhol wrote:
billf wrote:
Officially Apple knows about this issue. Officially they have NOT recommended users of Mavericks and earlier OSX versions that they need to upgrade immediately to Yosemite. That is the official stance at this moment.
Can you provide a link?
That's the point, Apple telling people to upgrade immediately to Yosemite does not exist. You are the only one telling us otherwise.

Re: Yosemite is the only way (upgrade or be hacked)

Posted: Mon Apr 20, 2015 7:46 pm
by cuttime
michkhol wrote: A trojan looking like a video converter for instance (and performing as such), may install a bot that would send spam using your address book. It will install a system daemon without asking for the root password. You will never know it until the victims (who may be your dear friends) get infected by opening the trusted email from you.
Wouldn't a utility like Little Snitch prevent this?

Re: Yosemite is the only way (upgrade or be hacked)

Posted: Tue Apr 21, 2015 5:45 am
by michkhol
billf wrote: That's the point, Apple telling people to upgrade immediately to Yosemite does not exist. You are the only one telling us otherwise.
This is a strange logic. Apple not telling people to upgrade immediately does not mean it "officially does NOT recommend it". Here is the link where there is a full description of the flaw for any hacker on Earth and where Apple unofficially refuses to patch older OSes. Make your own conclusions.

https://truesecdev.wordpress.com/2015/0 ... pple-os-x/

Re: Yosemite is the only way (upgrade or be hacked)

Posted: Tue Apr 21, 2015 6:13 am
by mikehalloran
This is a strange logic.
Agreed but not the way you think.
Make your own conclusions.
Already done. I'm ignoring the rest of this nonsense.

Re: Yosemite is the only way (upgrade or be hacked)

Posted: Tue Apr 21, 2015 7:19 am
by HCMarkus
The Only Way?

http://www.macrumors.com/2015/04/21/sec ... -rootpipe/

Not yet, apparently. :lol:

Regardless, call me Alfred (as in "What, me worry?") on this one.
Physical access or previously granted remote access to the target machine is required in order for the vulnerability to be exploited.

Re: Yosemite is the only way (upgrade or be hacked)

Posted: Tue Apr 21, 2015 10:59 am
by michkhol
HCMarkus wrote:The Only Way?

http://www.macrumors.com/2015/04/21/sec ... -rootpipe/

Not yet, apparently. :lol:
No surprise from Apple, I'm officially standing down on this. 10.10.3 appears to be vulnerable all the same, but now with a published way to do this for anyone.
Physical access or previously granted remote access to the target machine is required in order for the vulnerability to be exploited.
I never said or implied that this vulnerability can be exploited remotely. Only if you install a malicious program yourself.

Re: Yosemite is the only way (upgrade or be hacked)

Posted: Tue Apr 21, 2015 3:07 pm
by Gravity Jim
michkhol wrote:We cannot know if it happened yet because it is so far undetectable. And Apple is known to be notoriously slow in patching its flaws.
Now I know you're trolling. Apple is not "notoriously slow in patching its flaws."

Re: Yosemite is the only way (upgrade or be hacked)

Posted: Tue Apr 21, 2015 3:23 pm
by bayswater
michkhol wrote:Only if you install a malicious program yourself.
That's a relief. I'll stop installing malicious programs.

Re: Yosemite is the only way (upgrade or be hacked)

Posted: Tue Apr 21, 2015 3:54 pm
by michkhol
Gravity Jim wrote:
michkhol wrote:We cannot know if it happened yet because it is so far undetectable. And Apple is known to be notoriously slow in patching its flaws.
Now I know you're trolling. Apple is not "notoriously slow in patching its flaws."
As you can see, Apple still has not patched this 4 year-old one. Anyway this is a fruitless discussion and I will stop here.

Re: Yosemite and Rootpipe

Posted: Tue Apr 21, 2015 4:51 pm
by Gravity Jim
A welcome announcement.
All times are UTC-07:00
Page 2 of 2

Powered by phpBB® Forum Software © phpBB Limited