JeremyPoolaw84 wrote:
I work in an Apple Authorized Campus store and this is a concern as there are many of our customers that have dated Macs. Aside from shutting down completely, will turning off the wifi help in this at all? Any advice or reply is appreciated.
Just to add one other point of view to what has already been said, it should be noted that this vulnerability can be attacked by any software running with root-level permissions on a vulnerable Mac. As such, it's a real danger... but there are some things that would have to happen first.
In order to exploit this, someone has to get malicious software running with root permissions. At this time, the only ways this could happen - as far as anyone knows - is through an ordinary trojan horse or through a hacker actually having access to the system (either physical access to a poorly-secured Mac, or through remote access, such as through one of the common tech support scams going around right now). For this reason, user education is extremely important! Teach them how to avoid installing malicious software, how to spot and avoid online scams that try to get remote access to the computer, and show them how to secure their Macs (as much as possible) against physical access using FileVault and firmware passwords.
The second thing that must happen is that the Mac must go to sleep. If it hasn't been asleep since the last restart, it's not vulnerable. If it goes to sleep, it becomes vulnerable. Does that mean that I think you should never let your Mac go to sleep? No. But if you've got a user who you know is not savvy enough to avoid malicious software or scams, a simpler instruction for them to follow would be to simply tell them how to keep their Macs from going to sleep, and tell them to shut down instead.
Finally, note that all of this is major overkill for everyone at the moment. There are no known exploits in the wild for this, and there are unlikely ever to be any widespread exploits. If this actually gets used in attacks, it will probably be in tightly targeted attacks against specific individuals or organizations, and the vast majority of people out there will never see it.
So, long story short... it's a real threat, but it's unlikely for any random Mac user to ever be affected. We can't say it's impossible for any specific user to be affected, however. Folks will need to make their own decisions about how much to worry about this.