Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Releases macOS Big Sur 11.3.1 With Fixes for WebKit Security Issues
- Thread starter MacRumors
- Start date
- Sort by reaction score
For example, here is code that causes an Integer overflow:
C:
nresp = packet_get_int();
if (nresp > 0) {
response = xmalloc(nresp*sizeof(char*));
for (i = 0; i < nresp; i++)
response[i] = packet_get_string(NULL);
}When nresp = 1073741824, and sizeOfChar = 4, the malloc allocates a 0-length buffer inside the memory given to the code. This causes the loop to start writing into the code. Things like this can't be checked by the OS - only by the compiler, or the original programmer who should do a check for the xmalloc size. Unfortunately, C doesn't check to make sure this is valid code.
I don't have Big Sur on my Intel Mac, so I can't directly compare; but - on my M1 Air, it sure seems like system updates take significantly longer than they typically have on my 2015 MacBook Pro.
Yet, most of those quick updates are due to Apple breaking things not due to security.
Could we safely assume that a Webkit engine written in Swift would be much more secure in this regard? If so, do you think Apple is planning to code their own new engine -in Swift- in order to make their operating systems more secure?
Man I don’t understand if you can’t trust apple with their updates and why don’t you go and buy a windows machine I’m sure you’ll enjoy their updates every day.🙈
But fer sure, this must be a 0.2 kB patch that takes 0.1 milliseconds to apply, and doesn't need a restart? What the actual frack are they DOING with all that data garbage, and what is taking so long to install this crap? It is a creeping rot that becomes worse with time.
And why can't these star programmers not fracking TEST their code properly BEFORE they ship their stuff? It's not like there aren't tools available…
Nah, just install Linux, and your updates are done on the fly. Just restart and you are done. As it should be.
WHAT is it that that takes HOURS in putting some files in place? I just don't get it.
You don't. You have to restart your computer because WebKit is a framework used by almost every other application on your system.
My house has a door that criminals might be able to open. To fix the problem, I'm going to add a different type of door on the side of the house.
That's fine at the individual consumer level, but when you're administering thousands of machines at the enterprise level, and security patches included in the 11.3 release are REQUIRED to be installed immediately, this is not an option.
Me too. Peculiar. But so was seeing Relocated Items folder (first time ever) on my Desktop
Does anyone know why the equivalent fix is around 130 MB for the iPhone but nearly 2.5 GB for the Mac?
Probably needed to patch recoveryOS which has Safari built-in, but I don't believe recoveryOS supports delta updates so that would require flashing the whole recoveryOS image.
We have been making doors for more than forty years. Why can't we get it right before we put it on the market?
That’s a really great humble brag, I love it. Looking forward to M series hardware myself!
11.3.1 seems to have fixed streaming audio to my stereo-paired HomePods. It was terrible with 11.3! Working great with this update. Whew!