Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.

Confused-User

macrumors 6502a
Original poster
Oct 14, 2014
710
804
When "Regresshion" was announced, there was some question about how easily if at all it could be used against MacOS. Apple did not provide any useful info, though it seems likely to have been a real issue. There was a workaround ("LoginGraceTime 0" in sshd's config file) with modest drawbacks, which I've been using.

After updating to 13.6.9 and reapplying my local patches/changes (like NFS configs), I wanted to know if sshd had been patched for this issue.

The answer is: YES, Regresshion is now fixed (if it ever was an issue). It was a little hard to find - I found nothing about this via google directly - so I'm posting this here now in the hope that it will be useful to future searchers.

The way to figure this out is to get the CVE # (CVE-2024-6387) and search Apple's security tech notes. HT214118 through HT214120 state that this CVE is fixed as of MacOS 12.7.6, 13.6.8, and 14.6.

Some earlier MacOSes will remain vulnerable, and should use the workaround if they allow inbound SSH.
 
Register on MacRumors! This sidebar will go away, and you'll see fewer ads.