Mozilla Patches Two Zero-Day Vulnerabilities in Firefox Used to Install Backdoors on Macs, Update Now

Discussion in 'Mac Blog Discussion' started by MacRumors, Jun 21, 2019.

  1. MacRumors macrumors bot


    Apr 12, 2001

    Mozilla has patched two zero-day security vulnerabilities in Firefox that allowed backdoors to be installed on Macs, bypassing Apple's usual XProtect and Gatekeeper protections. Firefox users should update the browser immediately.


    Ars Technica's Dan Goodin:
    The zero-days were exploited by unnamed hackers this week, but so far, attacks are known only to have targeted Mac users involved in cryptocurrency.

    As noted by Mac security expert Patrick Wardle, XProtect and Gatekeeper provided no protection in this case, as they only scan applications that have a quarantine flag set. Fortunately, this may change in macOS Catalina.

    Firefox users on Mac should update the web browser to version 67.0.4 as soon as possible to keep themselves protected.

    More details can be read at Ars Technica.

    Article Link: Mozilla Patches Two Zero-Day Vulnerabilities in Firefox Used to Install Backdoors on Macs, Update Now
  2. Narial Taster macrumors member

    May 17, 2011
    How to know if one has been affected or not?
  3. coolfactor macrumors 601

    Jul 29, 2002
    Vancouver, BC CANADA
    I updated yesterday, but still don't use Firefox as my main browser. I am impressed by how much that browser has improved in terms of its elegance and design. It used to feel foreign on the Mac, but now it feels much more native.
  4. NoBoMac, Jun 21, 2019
    Last edited: Jun 21, 2019

    NoBoMac macrumors 68020


    Jul 1, 2014
    Another take-away: the Patrick Wardle blog post linked in the story. That blog has a link in there to the KnockKnock program, to scan for any issues.

  5. ___joshuaturner macrumors member


    Dec 15, 2017
    Why does this article of rather large importance get stuck in the sidebar blog while articles about Google not making tablets anymore are in the main feed for everyone to see?
  6. Secondempire macrumors member


    Oct 27, 2017
    And if you're using Tor Browser, don't forget to update it to version 8.5.3 (it's based on Firefox)
  7. BasicGreatGuy Contributor


    Sep 21, 2012
    In the middle of several books.
    Even though I rarely use Firefox, I appreciate the heads up.
  8. Sasparilla macrumors 65816

    Jul 6, 2012
    Thanks for the heads up, noticed my Mac Firefox updated yesterday (Thursday) for this on a restart.
  9. JosephAW macrumors 68020


    May 14, 2012
    What about macOS version that can't support FF 67? Any ESR updates or does this only effect modern engine?
  10. thisisnotmyname macrumors 68000


    Oct 22, 2014
    known but velocity indeterminate
    Official support goes all the way back to Mavericks, what are you running that you can't update?
  11. MacBH928 macrumors 68040


    May 17, 2008
    I really hate the modern software world, there is just no stability. You update an app today, tomorrow its another update. You just keep updating forever. I understand this is a security risk but I am tired of downloading the same app 3-4 times a week for "bug fixes and general improvements".

    Back in the day, an update meant an upgrade and it happened at most once a year.
  12. coolfactor macrumors 601

    Jul 29, 2002
    Vancouver, BC CANADA
    We live in a very different world with software that's 100x more complex.

    What you describe is exactly why Firefox and Chrome update automatically behind the scenes. If you don't update manually, it will update for you during your next app launch. At least that's the default behaviour.

    With Firefox, you really don't have to do anything. What is your primary concern exactly? Do you leave your browser running for days at a time and don't like to restart it?
  13. fairuz macrumors 68020


    Aug 27, 2017
    Silicon Valley
    IDK about Chrome, but Firefox doesn't really update behind the scenes, rather it blocks you from using it as it updates next time you start. Wouldn't be so bad by itself, but when every single third-party app is doing that kind of thing, I can understand the frustration.

    Also, game updates can be awful. One day your game breaks, or you have to wait for a 6GiB update, or they release updates that actually *remove* content due to licensing problems (GTA IV did this). Dude, I'd rather just pop in the disc and play. But idc about games anymore.
  14. JosephAW macrumors 68020


    May 14, 2012
    Mac Pro 1,1. Snow Leopard. :p
    Last official macOS is 10.7. Yeah yeah I know you can replace boot file with pikers file but I'd rather run an official OS from Apple. Oh course Windows X 64 bit runs fine.
  15. ikramerica macrumors 6502

    Apr 10, 2009
    The important thing about this article is pointing out that all versions of OS X are exposed as completely insecure because all it takes is a poorly coded trusted app to allow a third party to infiltrate your system.

    I thought the whole point of OSX security was to specifically not let this happen.
  16. justperry macrumors G3


    Aug 10, 2007
    In the core of a black hole.

    Bit off topic but related.

    Just a remark, not really a complaint.
    Better use OS X/macOS.
    It's been almost 5 years since Apple renamed OS X to macOS.
  17. ScottishDuck macrumors 6502a


    Feb 17, 2010
    Argyll, Scotland
    You're going to have a lot more security issues than just this firefox bug if you're still on snow leopard
  18. Tech198 macrumors G5

    Mar 21, 2011
    Australia, Perth
    Good to know even privacy based browsers don't get out of this one. This should stick it to those that think TOR is the king. :p
  19. ikramerica macrumors 6502

    Apr 10, 2009
    True, but all versions if OS X, no longer being updated, are basically insecure.

    macOS is still getting security updates at least back 3 if not to all 5 versions.
  20. thisisnotmyname macrumors 68000


    Oct 22, 2014
    known but velocity indeterminate
    Looks like ESR 60.7.1 received the patch too but that's still only good back to Mavericks. I don't think Snow Leopard has been supported since Firefox 52 was released. I think you're out of luck :-(
  21. Vjosullivan macrumors 6502a


    Oct 21, 2013
    Which app did you download 4 times this week?
  22. MacBH928 macrumors 68040


    May 17, 2008
    Microsoft Outlook seems to be, Amazon and eBay on weekly basis, so is Twitter. Its not surprising to download an app, and the next day you wake up there is a new update again.
    --- Post Merged, Jun 22, 2019 ---
    1-I have a lot of tabs open
    2-For every bug they fix, another thing breaks or a feature is gone
    3-I have used the same software for years and noticed 0 difference updating "bug fixes and improvements"

    I don't understand why they say software today is more complex than it used to be. Maybe some new stuff, but a lot of the software does the same exact thing they used to do 2 decades ago. Microsoft Office, web browsers, instant messengers, PC games, Search engines.

    The only new thing I see is Syncing and cloud backups, this didn't exist.
  23. Gravydog316 macrumors 6502


    May 17, 2016
    I had to downgrade Firefox, since is used all my memory.. even with wifi off & no extensions active, etc, etc...
    & Safari sucks & Chrome makes my laptop restart, so...
    --- Post Merged, Jun 23, 2019 ---
    he means updating the app(s).
    He's being facetious.
  24. Morgenland macrumors 6502a


    May 28, 2009
    Backdoors are not elegant ;-)

Share This Page

28 June 21, 2019