Mozilla Patches Two Zero-Day Vulnerabilities in Firefox Used to Install Backdoors on Macs, Update Now

Discussion in 'Mac Blog Discussion' started by MacRumors, Jun 21, 2019.

  1. MacRumors macrumors bot

    MacRumors

    Joined:
    Apr 12, 2001
    #1
    [​IMG]


    Mozilla has patched two zero-day security vulnerabilities in Firefox that allowed backdoors to be installed on Macs, bypassing Apple's usual XProtect and Gatekeeper protections. Firefox users should update the browser immediately.

    [​IMG]

    Ars Technica's Dan Goodin:
    The zero-days were exploited by unnamed hackers this week, but so far, attacks are known only to have targeted Mac users involved in cryptocurrency.


    As noted by Mac security expert Patrick Wardle, XProtect and Gatekeeper provided no protection in this case, as they only scan applications that have a quarantine flag set. Fortunately, this may change in macOS Catalina.

    Firefox users on Mac should update the web browser to version 67.0.4 as soon as possible to keep themselves protected.

    More details can be read at Ars Technica.

    Article Link: Mozilla Patches Two Zero-Day Vulnerabilities in Firefox Used to Install Backdoors on Macs, Update Now
     
  2. Narial Taster macrumors member

    Joined:
    May 17, 2011
    #3
    How to know if one has been affected or not?
     
  3. coolfactor macrumors 601

    Joined:
    Jul 29, 2002
    Location:
    Vancouver, BC CANADA
    #4
    I updated yesterday, but still don't use Firefox as my main browser. I am impressed by how much that browser has improved in terms of its elegance and design. It used to feel foreign on the Mac, but now it feels much more native.
     
  4. NoBoMac, Jun 21, 2019
    Last edited: Jun 21, 2019

    NoBoMac macrumors 68020

    NoBoMac

    Joined:
    Jul 1, 2014
    #5
    Another take-away: the Patrick Wardle blog post linked in the story. That blog has a link in there to the KnockKnock program, to scan for any issues.

     
  5. ___joshuaturner macrumors member

    ___joshuaturner

    Joined:
    Dec 15, 2017
    #6
    Why does this article of rather large importance get stuck in the sidebar blog while articles about Google not making tablets anymore are in the main feed for everyone to see?
     
  6. Secondempire macrumors member

    Secondempire

    Joined:
    Oct 27, 2017
    #7
    And if you're using Tor Browser, don't forget to update it to version 8.5.3 (it's based on Firefox)
     
  7. BasicGreatGuy Contributor

    BasicGreatGuy

    Joined:
    Sep 21, 2012
    Location:
    In the middle of several books.
    #8
    Even though I rarely use Firefox, I appreciate the heads up.
     
  8. Sasparilla macrumors 65816

    Joined:
    Jul 6, 2012
    #9
    Thanks for the heads up, noticed my Mac Firefox updated yesterday (Thursday) for this on a restart.
     
  9. JosephAW macrumors 68020

    JosephAW

    Joined:
    May 14, 2012
    #10
    What about macOS version that can't support FF 67? Any ESR updates or does this only effect modern engine?
     
  10. thisisnotmyname macrumors 68000

    thisisnotmyname

    Joined:
    Oct 22, 2014
    Location:
    known but velocity indeterminate
    #11
    Official support goes all the way back to Mavericks, what are you running that you can't update?
     
  11. MacBH928 macrumors 68040

    MacBH928

    Joined:
    May 17, 2008
    #12
    I really hate the modern software world, there is just no stability. You update an app today, tomorrow its another update. You just keep updating forever. I understand this is a security risk but I am tired of downloading the same app 3-4 times a week for "bug fixes and general improvements".

    Back in the day, an update meant an upgrade and it happened at most once a year.
     
  12. coolfactor macrumors 601

    Joined:
    Jul 29, 2002
    Location:
    Vancouver, BC CANADA
    #13
    We live in a very different world with software that's 100x more complex.

    What you describe is exactly why Firefox and Chrome update automatically behind the scenes. If you don't update manually, it will update for you during your next app launch. At least that's the default behaviour.

    With Firefox, you really don't have to do anything. What is your primary concern exactly? Do you leave your browser running for days at a time and don't like to restart it?
     
  13. fairuz macrumors 68020

    fairuz

    Joined:
    Aug 27, 2017
    Location:
    Silicon Valley
    #14
    IDK about Chrome, but Firefox doesn't really update behind the scenes, rather it blocks you from using it as it updates next time you start. Wouldn't be so bad by itself, but when every single third-party app is doing that kind of thing, I can understand the frustration.

    Also, game updates can be awful. One day your game breaks, or you have to wait for a 6GiB update, or they release updates that actually *remove* content due to licensing problems (GTA IV did this). Dude, I'd rather just pop in the disc and play. But idc about games anymore.
     
  14. JosephAW macrumors 68020

    JosephAW

    Joined:
    May 14, 2012
    #15
    Mac Pro 1,1. Snow Leopard. :p
    Last official macOS is 10.7. Yeah yeah I know you can replace boot file with pikers file but I'd rather run an official OS from Apple. Oh course Windows X 64 bit runs fine.
     
  15. ikramerica macrumors 6502

    Joined:
    Apr 10, 2009
    #16
    The important thing about this article is pointing out that all versions of OS X are exposed as completely insecure because all it takes is a poorly coded trusted app to allow a third party to infiltrate your system.

    I thought the whole point of OSX security was to specifically not let this happen.
     
  16. justperry macrumors G3

    justperry

    Joined:
    Aug 10, 2007
    Location:
    In the core of a black hole.
    #17

    Bit off topic but related.

    Just a remark, not really a complaint.
    Better use OS X/macOS.
    It's been almost 5 years since Apple renamed OS X to macOS.
     
  17. ScottishDuck macrumors 6502a

    ScottishDuck

    Joined:
    Feb 17, 2010
    Location:
    Argyll, Scotland
    #18
    You're going to have a lot more security issues than just this firefox bug if you're still on snow leopard
     
  18. Tech198 macrumors G5

    Joined:
    Mar 21, 2011
    Location:
    Australia, Perth
    #19
    '
    Good to know even privacy based browsers don't get out of this one. This should stick it to those that think TOR is the king. :p
     
  19. ikramerica macrumors 6502

    Joined:
    Apr 10, 2009
    #20
    True, but all versions if OS X, no longer being updated, are basically insecure.

    macOS is still getting security updates at least back 3 if not to all 5 versions.
     
  20. thisisnotmyname macrumors 68000

    thisisnotmyname

    Joined:
    Oct 22, 2014
    Location:
    known but velocity indeterminate
    #21
    Looks like ESR 60.7.1 received the patch too but that's still only good back to Mavericks. I don't think Snow Leopard has been supported since Firefox 52 was released. I think you're out of luck :-(
     
  21. Vjosullivan macrumors 6502a

    Vjosullivan

    Joined:
    Oct 21, 2013
    #22
    Which app did you download 4 times this week?
     
  22. MacBH928 macrumors 68040

    MacBH928

    Joined:
    May 17, 2008
    #23
    Microsoft Outlook seems to be, Amazon and eBay on weekly basis, so is Twitter. Its not surprising to download an app, and the next day you wake up there is a new update again.
    --- Post Merged, Jun 22, 2019 ---
    1-I have a lot of tabs open
    2-For every bug they fix, another thing breaks or a feature is gone
    3-I have used the same software for years and noticed 0 difference updating "bug fixes and improvements"

    I don't understand why they say software today is more complex than it used to be. Maybe some new stuff, but a lot of the software does the same exact thing they used to do 2 decades ago. Microsoft Office, web browsers, instant messengers, PC games, Search engines.

    The only new thing I see is Syncing and cloud backups, this didn't exist.
     
  23. Gravydog316 macrumors 6502

    Gravydog316

    Joined:
    May 17, 2016
    Location:
    Canada
    #24
    I had to downgrade Firefox, since is used all my memory.. even with wifi off & no extensions active, etc, etc...
    & Safari sucks & Chrome makes my laptop restart, so...
    --- Post Merged, Jun 23, 2019 ---
    he means updating the app(s).
    He's being facetious.
     
  24. Morgenland macrumors 6502a

    Morgenland

    Joined:
    May 28, 2009
    Location:
    Europe
    #25
    Backdoors are not elegant ;-)
     

Share This Page

28 June 21, 2019