Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
macOS High Sierra Vulnerability Allegedly Allows Malicious Third-Party Apps to Access Plaintext Keychain Data
- Thread starter MacRumors
- Start date
- Sort by reaction score
Surprisingly there is not much of an issue and because of Metal 2, every animation on my 13" MacBook that utilises Intel GPU is so smooth.
Screenshot is broken.You might as well update because it isn't localised to High Sierra.
Nope.
It only expands my windows somewhat, sometimes barely and sometimes makes them smaller. But it NEVER expands the window large enough to fill the screen so I'm focused on just the one window without losing much needed access to the menu bar. But hey, apparently Apple knows how I like to work......
Why embarrassing?
Embarrassing is what’s taking place all over the world today.
We need to stop apologising for Apple all the time, I feel.
On launch day of new macOS, this guy just wants attention, don’t listen to the fear:
“For this vulnerability to work, a user needs to download malicious third-party code from an unknown source, something Apple actively discourages with warnings about apps downloaded outside of the Mac App Store or from non-trusted developers. In fact, Apple does not even allow apps from non-trusted developers to be downloaded without explicitly overriding security settings.”
So, don’t download software except from the macOS App Store until Apple confirms there actually is a vulnerability, and then patches it.
If confirmed, this affects more than just High Sierra. If not confirmed this guy will be hit with a lawsuit, hopefully.
“For this vulnerability to work, a user needs to download malicious third-party code from an unknown source, something Apple actively discourages with warnings about apps downloaded outside of the Mac App Store or from non-trusted developers. In fact, Apple does not even allow apps from non-trusted developers to be downloaded without explicitly overriding security settings.”
So, don’t download software except from the macOS App Store until Apple confirms there actually is a vulnerability, and then patches it.
If confirmed, this affects more than just High Sierra. If not confirmed this guy will be hit with a lawsuit, hopefully.
I hope that's not his Twitter password.
At least the Facebook one is an obvious reference to a classic IRC quote: http://qdb.us/44075
Again, this dude is just trying to put fear in people about macOS High Sierra, trying to get you not to download it and bombard Apple with questions about this, making a support problem on macOS launch day.
I do enjoy all of the FUD this is generating and the comments from people who neither understand the problem nor scope. This news is everywhere on the web with Mac users being told not to download High Sierra; web site after web site are simply reposting the press release without doing any actual research or critical analysis. One problem is the exploit apparently exists in all versions of Mac OS and yet it has not been used?
I think we can stand down on this one. Apple has some fixing to do to avoid this specific exploit but it is not like we are imminently doomed nor any safer by not downloading High Sierra.
I think we can stand down on this one. Apple has some fixing to do to avoid this specific exploit but it is not like we are imminently doomed nor any safer by not downloading High Sierra.
For anyone who doesn't get the hunter2 password reference - http://knowyourmeme.com/memes/hunter2
Nevertheless, people shouldn't quickly dismiss anything that involves vulnerability.
95% of these comments indicate you don’t understand how Gatekeeper works.
The article clearly states you have to override Gatekeeper the get the malicious unsigned 3rd party app to run.
Don’t override Gatekeeper unless you know what you are doing. Oh and if you were to override Gatekeeper anti-virus won’t help you because when you override GK you’re authorising an app by entering your password.
Didn’t any of you notice in system prefs > security & Privacy that the 3rd option for “Allow apps from” has been removed? You have to run a terminal command to get that option to reappear.
The article clearly states you have to override Gatekeeper the get the malicious unsigned 3rd party app to run.
Don’t override Gatekeeper unless you know what you are doing. Oh and if you were to override Gatekeeper anti-virus won’t help you because when you override GK you’re authorising an app by entering your password.
Didn’t any of you notice in system prefs > security & Privacy that the 3rd option for “Allow apps from” has been removed? You have to run a terminal command to get that option to reappear.
I'm amused that people are ripping a person who discovered the vulnerability and did report it to Apple. Just think of how many that may be out there that are not being reported to Apple.
All you need to do is not download apps from a source outside of the Mac App Store.
Simple.
Ignoring the FUD and getting on with my life. Apple will confirm and fix if needed.
Unfortunately, there are plenty of bugs in any OS. And sometimes, they aren't found until the last moment.
There is nothing to apologize for. People can blame and mock Apple over this if they want. However, Apple has never claimed to release perfect software. And neither has any other OS developer.