
Is there a fix for the Mac vulnerability for being hacked while in sleep mode?

I work in an Apple Authorized Campus store and this is a concern as there are many of our customers that have dated Macs. Aside from shutting down completely, will turning off the wifi help in this at all? Any advice or reply is appreciated.

MacBook Pro (Retina, 13-inch, Mid 2014), OS X Mavericks (10.9.5)

Posted on Jun 5, 2015 8:02 AM

11 replies

Jun 5, 2015 8:35 AM in response to JeremyPoolaw84

Who's the ISP for the campus and is the wireless network their responsibility?

It's going to be easier to hack one or two control points of the network than it would be to hack the Mac.


• Since OS 10.1 there has been a software firewall built into the OS; enable it if it's not already.


• Download flash from the Adobe website and never any other source.


• Block ports for torrent sharing; unless you need a legacy version of Open Office, this is a huge cluster for getting some dodgy software.


• Don't run cracked software - end of story! Who knows what else you're inviting with those key-gens and cracked apps?


• Don't give your router password out to everyone, and have a wireless policy.


• Patch your wireless routers with the latest firmware from the manufacturers.


• Patch your Mac OS to the latest available version for the version you use, and download security updates from Apple. I don't know how far they go back, but Apple still patches older OSes and legacy devices with security updates.

Apple security updates - Apple Support


and

• If you have a PC, install anti-virus. If you have a Mac, stay alert for scams and pop-ups that AV won't protect you against.

Here's a great article by one of the forum contributors:

How to install adware

Jun 5, 2015 8:35 AM in response to JimmyCMPIT

It's not us, as a store, but our customers that still have the older product. As with all things Apple, we have the latest product. I should have phrased my question far better than what it is. I am asking this for our customers when they call (I'm sure word will spread) about it and what we should advise them to do, i.e., what should a person with a Mac that is five or more years old do? I apologize for that lack of clarity.

Jun 5, 2015 8:51 AM in response to JeremyPoolaw84

No, you were clear. I work in a mixed OS environment and on a very open network. Patching is key and policy is key. I've teched for companies that got stuff off Limewire and Emule back in the day; I did a lot of repeat calls because they would not buy the ******* software and ran all kinds of stuff.

If someone is calling you with a cracked Mac, I'd advise them to first explain what gave them the conclusion they were hacked and, if it sounds like they were, to contact someone here who can verify the nature of what is going on. Most of the hacks or exploits, the older ones included, on the Mac are commonly developed independently and reported to Apple so patches can be developed (granted, the ones we actually hear about), but Apple is actually very good about that and four or five year old Macs still get those patches. You won't see an OS 10.9.6 update; you will see a 10.6 security patch if one was needed for an exploit last month. However, I think the last patch I saw relevant to 10.6 was from 2014.

Jun 5, 2015 8:59 AM in response to JeremyPoolaw84

The article that I read (before the news media misrepresented it) indicated that this was a potential exploit that was discovered in a research lab, and even the researchers were quoted in that article as not being aware of any imminent threat that it was deployed at the present time. Of course, the news media didn't find that sensational enough, so they wrote their press articles as if this was a current exploit, and all Mac users with pre-2014 hardware should just tremble in fear.


If someone weaponizes and releases this exploit, then yes, it will be a problem for anyone that leaves their Mac unattended and logged in as root, or if this is released as a sub-exploit within another exploit. The anti-virus, anti-malware vendors just love it when a story like this breaks, and everyone rushes out to purchase antidote software that just neuters their Mac performance and stability. When Apple feels this is a genuine threat, they will simply update the inherent X-Protect database in recent versions of OS X, and the problem will then be handled by the operating system.

Jun 5, 2015 8:54 AM in response to VikingOSX

+1


From a tech standpoint, getting "computer" information from mainstream media is like getting an explanation of how communication satellites work from a guy in a tinfoil hat.


Also, it doesn't hurt to read this every few weeks:

http://www.thesafemac.com/

IMHO this does an excellent job of explaining what the actual story is with most of this stuff before the media starts playing mad-libs on the report they read off.

Jun 5, 2015 9:51 AM in response to JeremyPoolaw84

Here's a real life experience. 😉 What do you mean by "old"? I still use OSX 10.4.11 on a PPC Mac. I figure I am so far behind nobody bothers to even try to write anything that will run on my Mac. I am not neurotic about computer security and frankly the only thing I do on my computer that requires any degree of security is check e-mail and maybe buy something online a few times a year. For that I use TenFourFox as my browser because it is still updated even for old OSX users. Actually I have two copies of TFF. One is the older one which still runs my outdated Flash and despite all the histrionics about it I haven't seen any issues. I use that one for general web browsing because frankly you still have to run Flash for a lot of sites. The other is the newer one which I use for truly secure browsing such as online purchases and truly important log-ins (logging in here I use my old browser -- haven't seen anybody posting to ASC under my name so far 😉 ). Everything else, well, frankly I don't really care. I do run a widget that tells me how much network traffic I have going in and out. I guess if somebody suddenly used my computer to send 1,000,000 emails I would notice a bump in traffic and wonder what was going on. Okay, maybe this configuration would make a security freak crazy, but I have been running it since 2007 and haven't seen anything yet. I guess I could run a newer computer, but reading the forum here there seem to be more security concerns with newer OS versions than my old one, and why spend all that money? I guess it is like saying am I so worried about driving anywhere I need a Humvee, or am I prepared to be a careful driver and still use my 34 year old car?


I don't know about Apple sending out Snow Leopard updates. In the past they stopped sending updates to anything except the current and previous OS version, though with the recent spate of OSX releases they may have stretched it back a bit. Vintage and obsolete products - http://support.apple.com/kb/HT1752 I haven't seen an Apple update to anything I run in about 4 years. Microsoft was a bit better and kept sending me Office 2004 updates until a year or so ago.

Jun 5, 2015 10:22 AM in response to Limnos

I think my managers are worried about anything that was before the mid-2014 purchases. At my other job at Staples, we had a lot of people coming for the news on the celebrity photo leaks. The ones I spoke to were simply told that having a weak password or having the same password for multiple accounts can lead to that. Someone will blow this out of proportion and I can see us getting a flood of questions. I see your point with the browser, as I use Firefox for most of mine. The MacBook Pro 13-inch with Retina display is one that I see myself using for the next five years, and I have also resisted buying the new iPad Air 2 since I have zero complaints with my current Air.

Jun 5, 2015 10:52 AM in response to JeremyPoolaw84

Hello JeremyPoolaw84,

Don't worry about it. Apple is always good link-bait and Apple has been in the news a lot recently because of the Apple Watch. People are also taking advantage of the hype for WWDC next week. They are really just trying to drive some ad revenue to their blog sites, and get their name repeated, while there is a good opportunity to do so.


While this is a potential exploit, it is one that Apple has already fixed in current machines. There may be a firmware update in the near future for older hardware. But even if there isn't, it is important to realize that no one is being truthful about how unbelievably difficult it would be to actually perform the hack. The original security hacker who found it simply redefined the term "userland" to include things like root access and kernel extensions. Before his blog post on May 29, 2015, these things were, by definition, never considered userland. He is basically saying that if there is a Mac security exploit more serious than any that has ever been reported before, then you might, if you are running old hardware, be vulnerable to yet another security exploit. And yeah, it would be a bad one.


Basically, it is like saying that at any time, international criminal masterminds could blow a hole into the vault of (what used to be) the most secure bank in the world. That would allow anyone to walk into the vault and walk about with the diamonds. When is the bank going to fix the exploit that allows people to just walk out with the diamonds? Assume, of course, that the hole has already been blown into the vault. Assume also that the exploit has already been fixed in new bank vaults. Maybe the diamonds have been moved to the new vaults and the old vault only has cubic zirconia and old BlackBerry stock certificates. Maybe it will be a straight-to-video Ocean's 14 where they bust into the Wichita Teachers' Credit Union. But not the main branch, the old one down on 14th street. At this point, it doesn't even sound like a good movie anymore.


My apologies to Wichita, which I'm sure is a fine town where people enjoy not having to worry about banks being blown up. It's just for the metaphor.

Jun 6, 2015 4:52 AM in response to JeremyPoolaw84

JeremyPoolaw84 wrote:


I work in an Apple Authorized Campus store and this is a concern as there are many of our customers that have dated Macs. Aside from shutting down completely, will turning off the wifi help in this at all? Any advice or reply is appreciated.


Just to add one other point of view to what has already been said, it should be noted that this vulnerability can be attacked by any software running with root-level permissions on a vulnerable Mac. As such, it's a real danger... but there are some things that would have to happen first.


In order to exploit this, someone has to get malicious software running with root permissions. At this time, the only ways this could happen - as far as anyone knows - are through an ordinary trojan horse or through a hacker actually having access to the system (either physical access to a poorly-secured Mac, or through remote access, such as through one of the common tech support scams going around right now). For this reason, user education is extremely important! Teach them how to avoid installing malicious software, how to spot and avoid online scams that try to get remote access to the computer, and show them how to secure their Macs (as much as possible) against physical access using FileVault and firmware passwords.


The second thing that must happen is that the Mac must go to sleep. If it hasn't been asleep since the last restart, it's not vulnerable. If it goes to sleep, it becomes vulnerable. Does that mean that I think you should never let your Mac go to sleep? No. But if you've got a user who you know is not savvy enough to avoid malicious software or scams, a simpler instruction for them to follow would be to simply tell them how to keep their Macs from going to sleep, and tell them to shut down instead.


Finally, note that all of this is major overkill for everyone at the moment. There are no known exploits in the wild for this, and there are unlikely ever to be any widespread exploits. If this actually gets used in attacks, it will probably be in tightly targeted attacks against specific individuals or organizations, and the vast majority of people out there will never see it.


So, long story short... it's a real threat, but it's unlikely for any random Mac user to ever be affected. We can't say it's impossible for any specific user to be affected, however. Folks will need to make their own decisions about how much to worry about this.
