OS X 10.10.2 Includes Fix for 'Thunderstrike' Hardware Exploit Affecting Macs

[windywalks]

There has been a firmware update in the package. This is probably it.

 

[Macsterguy]

EXCELLENT. I've been hoping I would eventually be able to go to a cloud based backup.

Is that what the article means OR...

Is it that iCloud Drive will be added to your local Time Machine backups...?

I don't think it is now.

 

[blacktape242]

updates for jesus! wooo! release it for the love of god!

 

[Daalseth]

Is that what the article means OR...

Is it that iCloud Drive will be added to your local Time Machine backups...?

I don't think it is now.

Oh, I hadn't thought of it that way. I hope not.

 

[nutjob]

"Apple: Securing your data*"


(*when it's profitable for us, or when someone shames us into doing it)

 

[Tech198]

Another good name Keep 'em comming

"Apple patched the vulnerability by making code changes in the upcoming software update that prevent a Mac's bootrom from being replaced or rolled back to a previous state in which it could be attacked."

I wonder is this is any relation as to the bootrom was not replaced when u downgraded ? (aka if does go to grey screen (Mavericks boot),, but not on power on anymore... u still see black for few seconds... Thus, your also now stuck with the "very basic" AHD .

Dam u Apple *shakes fist, and swears in Japanese" this is probably a first step.

 

[smithrh]

agreed, the scary scenario is international customs / border checkpoint etc IMO

Anyone like to hazard a guess on when 10.10.2 will be out? I'll be going through checkpoints that can be sketchy over the next month or so...

 

[Macsterguy]

Anyone like to hazard a guess on when 10.10.2 will be out? I'll be going through checkpoints that can be sketchy over the next month or so...

I'm betting Wed, prob Thursday

 

[HenryDJP]

I have a couple of thoughts on that Henry. You answered the question yourself. They don't need the money. It's seems excessive when competitors offer more for less. It reminds me of Verizon's decision to not follow TMo's latest changes. We're a leader, says Verizon. We don't mind losing those customers. It's not in our best interest. Company first. I'm not saying that's Apples stance, but it is a question that can be asked. Apples products do speak for themselves. Their cloud services do as well, but they speak a different language. Apples cloud services haven't exactly been best of breed. Why not offer more storage as an incentive to get more people to use them? Least of all, use it as goodwill. A way of saying thank you for supporting us. What would it hurt? As you've stated, it's not like they need the money.

All very good points!

 

[yjchua95]

It's good they're finally patching this, since being able to modify the Firmware by simply plugging in an infected Thunderbolt device and booting up has scary possibilities.

I wonder when Mavericks users are getting this patch.

Well this might be Apple's new way to force everyone to run the latest OS if they don't want to be left vulnerable.

 

[allanfries]

Apple Update, bring it!!

 

[MH01]

While I totally agree with you 100% (who wouldn't agree) but what would be Apple's incentive to offer us more free storage? Please don't say "More Mac or iDevice sales" because Apple most certainly doesn't need money and their products speak for themselves now.

Apple does not need more money, but they sure want more! While they make awesome products, maximising profits is a key criteria.

I'm sure you can work out why there is no 32gb iPhone.... I hope!

----------

"Apple: Securing your data*"


(*when it's profitable for us, or when someone shames us into doing it)

Lol... Though not that far off.

Now to convince Apple there is profit in fixing wifi

 

[szw-mapple fan]

These bugs and security holes just keep sounding more and more dramatic.

----------

Anyone like to hazard a guess on when 10.10.2 will be out? I'll be going through checkpoints that can be sketchy over the next month or so...

Or you could just register for the beta testing program, although I wouldn't really recommend it.

 

[joe-h2o]

Come on now, these are all things that you shouldn't have to do. I have dozens of devices, all types of macs (meaning non-yosemite) macs that haven't had a single problem. Don't blame the user....

He's not blaming the user. He's asked if you've done some very basic troubleshooting to try and eliminate some possibilities so that you can maybe narrow down what the problem with your install is (if it's even a software problem).

 

[smithrh]

Or you could just register for the beta testing program, although I wouldn't really recommend it.

I've been a part of the beta program, but the quality was so bad (I depend on Preview, for example) that I noped right out of it. I deleted the feedback tool, and I haven't been offered any new betas since Yosemite came out...

 

[CmdrLaForge]

I really hope they finally release this today.

 

[HenryDJP]

Apple does not need more money, but they sure want more! While they make awesome products, maximising profits is a key criteria.

I'm sure you can work out why there is no 32gb iPhone.... I hope!

Not that what you're saying isn't correct, but what you're saying actually has no bearing on the gist of my post. Another member said Apple should give us more free cloud storage, and I agreed. All I was saying is, what would be their incentive to do so? Apple penny pinches so there has to be a big enough reason for them to offer it to us......because it's not like they need to entice more customers in order to make money, because money isn't something they need. That was point.
Example, we got bigger screened iPhones because the competition proved customers wanted bigger screens and Apple didn't want to lose their customers to the competition.

When it comes to cloud storage, Apple has a large ecosystem and overall they offer much more to their customers to get work done than the competition. So just because some of the competition offers more cloud storage doesn't mean Apple sees that as a threat because the competition is losing in so many other areas.
Microsoft offers a lot of cloud storage but they have virtually no ecosystem. Hardly anyone is buying Windows Phones and sales are very soft on the Surface tablet.

 

[AnsonX10]

They should really patch the exploit where a user can use their USB ports or disc drives to install alternate operating systems.

While they're at it, the should also fix that nasty exploit where a user can use a keyboard and mouse to install software that Apple might not approve of. (dangling proposition)

They could also disable access to the internet through Safari or otherwise, because users can be tricked into installing adware or malware.

This would greatly improve the quality of life for all Mac users.

 

[rasputin1969]

Hope this finally fixes all the nas/network problems I've experienced since Mavericks. Trying to copy any large file (movie) to my nas using the finder always fails - I end up doing it through the terminal app instead. Really hacks me off.

 

[kwokaaron]

I wonder when Mavericks users are getting this patch.

Still no security love for Mavericks, or does this only affect Yosemite?

As I asked on the other vulnerability reports, is Mavericks vulnerable to this? If so, I thought Apple was supposed to provide security support 3 OS X releases backwards.

I hope there are Mountain Lion and Mavericks updates coming too.

Theoretically, I believe that this vulnerability should affect all Macs with a Thunderbolt port (except for the iMac with Retina 5K Display and the new mac mini as mentioned in the article apparently) regardless of the OS. Unfortunately, it seems Apple have decided to only patch this vulnerability for Yosemite users.

Update: I have checked the firmware update Apple has released and it seems these Models specifically have been updated (and most likely affected):

iMac (21.5-inch, Late 2013) - iMac14,1/iMac14,3
iMac (27-inch, Late 2013) - iMac14,2
iMac (21.5-inch, Mid 2014) - iMac14,4
iMac (Retina 5K, 27-inch, Late 2014) - iMac15,1
MacBook Air (11-inch, Mid 2013)/(11-inch, Early 2014) - MacBookAir6,1
MacBook Pro (Retina, Mid 2012)/(Retina, 15-inch, Early 2013) - MacBookPro10,1
MacBook Pro (Retina, 13-inch, Late 2012)/(Retina, 13-inch, Early 2013) - MacBookPro10,2
MacBook Pro (Retina, 13-inch, Late 2013)/(Retina, 13-inch, Mid 2014) - MacBookPro11,1
MacBook Pro (Retina, 15-inch, Late 2013)/(Retina, 15-inch, Mid 2014) - MacBookPro11,2
Mac mini (Late 2014) - Macmini7,1
Mac Pro (Late 2013) - MacPro6,1

 

[steve333]

Here goes nothing....

 

[echel0n]

Hope this finally fixes all the nas/network problems I've experienced since Mavericks. Trying to copy any large file (movie) to my nas using the finder always fails - I end up doing it through the terminal app instead. Really hacks me off.

I've been plagued by NAS connectivity issues with Yosemite too. I am using ethernet via Thunderbolt, true, but is there any evidence that this fix actually addresses those issues?

 

[sirdir]

This morning, wifi was again disabled. So 10.10.2 didn't solve my problem.

 

[szw-mapple fan]

I've been a part of the beta program, but the quality was so bad (I depend on Preview, for example) that I noped right out of it. I deleted the feedback tool, and I haven't been offered any new betas since Yosemite came out...

Same here. For some reason my iPod mini (yes, from 10 years ago) wouldn't sync with the iTunes on 10.10.2 beta.

 

[RPV69]

10.8.5 and 10.10.2 dual boot?

Hi guys. Here's a question.

I'm currently running 10.8.5 on my Mac mini, and would like to install 10.10.2 on a separate partition so I can dual boot.

Is there any risk that the 10.10.2 Thunderstrike boot ROM code changes would prevent 10.8.5 from booting after the 10.10.2 install?

Richie