You MUST update to 10.12.6 IMMEDIATELY!

Discussion in 'Mac Apps and Mac App Store' started by SteveJobzniak, Jul 28, 2017.

  1. SteveJobzniak macrumors 6502

    SteveJobzniak

    Joined:
    Dec 24, 2015
    #1
    I saw the new Sierra 10.12.6 and let it sit for a few days.

    Now I just read through the changes:
    https://support.apple.com/en-us/HT207921

    Safari 10.1.2 (for macOS 10.12.6)

    WebKit
    Available for: OS X Yosemite 10.10.5, OS X El Capitan 10.11.6, and macOS Sierra 10.12.6
    Impact: Processing maliciously crafted web content may lead to arbitrary code execution
    Description: Multiple memory corruption issues were addressed with improved memory handling.
    CVE-2017-7018: lokihardt of Google Project Zero
    CVE-2017-7020: likemeng of Baidu Security Lab
    CVE-2017-7030: chenqin of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室)
    CVE-2017-7034: chenqin of Ant-financial Light-Year Security Lab (蚂蚁金服巴斯光年安全实验室)
    CVE-2017-7037: lokihardt of Google Project Zero
    CVE-2017-7039: Ivan Fratric of Google Project Zero
    CVE-2017-7040: Ivan Fratric of Google Project Zero
    CVE-2017-7041: Ivan Fratric of Google Project Zero
    CVE-2017-7042: Ivan Fratric of Google Project Zero
    CVE-2017-7043: Ivan Fratric of Google Project Zero
    CVE-2017-7046: Ivan Fratric of Google Project Zero
    CVE-2017-7048: Ivan Fratric of Google Project Zero
    CVE-2017-7052: cc working with Trend Micro's Zero Day Initiative
    CVE-2017-7055: The UK's National Cyber Security Centre (NCSC)
    CVE-2017-7056: lokihardt of Google Project Zero
    CVE-2017-7061: lokihardt of Google Project Zero

    Guys... that's like 15 different memory exploits which allow malicious websites to run code on your system. Even if they just run with non-root privileges they could still install trojans, encrypting ransomware of all your personal files, spyware, etc.

    But it gets worse! 10.12.6 itself has tons of fixes:

    https://support.apple.com/en-us/HT207922

    They've fixed tons of issues where viewing photos and videos can execute arbitrary code.

    Including:
    AppleGraphicsPowerManagement
    Available for: macOS Sierra 10.12.5, OS X El Capitan 10.11.6, and OS X Yosemite 10.10.5
    Impact: An application may be able to execute arbitrary code with system privileges
    Description: A memory corruption issue was addressed with improved memory handling.
    CVE-2017-7021: sss and Axis of Qihoo 360 Nirvan Team

    So a malicious app can run root code. And there's tons more of those that were fixed, allowing apps to run with system/kernel privileges. This is bad. Update immediately!

    It's good that Apple is fixing all of this. This is a really critical OS update!
     
  2. Phil in ocala macrumors 6502a

    Phil in ocala

    Joined:
    Jul 14, 2016
    #2
    Pass....I am running 10.11.6 and it's not broken....therefore I have no interest in fixing it.
     
  3. s15119 macrumors 65816

    s15119

    Joined:
    Nov 20, 2010
  4. SteveJobzniak thread starter macrumors 6502

    SteveJobzniak

    Joined:
    Dec 24, 2015
    #4
    Okay, then simply pray that the bad guys don't know about these exploits. ;)
    --- Post Merged, Jul 28, 2017 ---
    10.12 has matured by now. It's pretty perfect.
     
  5. robgendreau macrumors 68040

    Joined:
    Jul 13, 2008
    #5
    I guess you don't consider security flaws to be "broken" parts of an OS. Odds are nothing will happen, but that's the kind of recalcitrance the Black Hats have been exploiting for years, and that they count upon.
     
  6. ikir macrumors 65816

    Joined:
    Sep 26, 2007
    #6
    The worst thing a user can say.
     
  7. Rigby macrumors 601

    Joined:
    Aug 5, 2008
    Location:
    San Jose, CA
    #7
    Not to forget Broadpwn, which could be used to create worms that jump from device to device via Wi-Fi. The presentation yesterday at Black Hat was quite impressive (and scary) ...
     
  8. SteveJobzniak thread starter macrumors 6502

    SteveJobzniak

    Joined:
    Dec 24, 2015
    #8
    Yep, that one is very scary. I updated as soon as the iOS fix came out. Android devices often won't even get any firmware updates to fix it, hmm. Poor guys. They'll remain vulnerable.

    Actually, stuff like this is why I don't jailbreak my iOS devices. I want to be on the latest OS releases to be sure I'm not running software full of security holes. Heck, jailbreaking itself is always done via a security hole that some bad guy can also exploit.
     
  9. Phil in ocala macrumors 6502a

    Phil in ocala

    Joined:
    Jul 14, 2016
    #9
    _______________________________________
    My Mac has no problems with 10.11.6, it is stable ....yet you say...it's the worst thing? Perhaps you should consider replacing the engine in your car too...while you are at it...the transmission too...
     
  10. SteveJobzniak thread starter macrumors 6502

    SteveJobzniak

    Joined:
    Dec 24, 2015
    #10
    Audi Press Release: "Our cars' digital engine systems have a critical firmware bug which may sometimes cause them to speed uncontrollably with no ability to brake until you smash into a wall. And hackers are able to exploit this remotely to kill you. We have released a critical firmware update today. Please upgrade and save lives!"

    Phil in ocala: "Hasn't happened to me, my car seems stable to me... Let's not fix what isn't broken. I'll stay on the old firmware. Thanks."

    :p
     
  11. hanser macrumors regular

    Joined:
    Aug 29, 2013
    #11
    If I read the first post correctly the security update for El Capitan should suffice.
     
  12. InuNacho macrumors 65816

    InuNacho

    Joined:
    Apr 24, 2008
    Location:
    In that one place
    #12
    If Apple would simply stop breaking software compatibility, then I'd update. Until that day comes I have to stay on 10.9.
     
  13. DevNull0 macrumors 68000

    Joined:
    Jan 6, 2015
    #13
    Except that the way Apple runs things, upgrading the OS forces you to upgrade a ton of stuff you may not want to; iTunes for example.

    If you're running Parallels 9, you're going to have to pay for an upgrade to switch to 10.12, and another upgrade when you go to 10.13. Though personally I fell for that when I bought Parallels 7 and will not buy into their scam again.

    Bottom line is there's many reasons you may not want to upgrade.
     
  14. posguy99 macrumors 6502a

    Joined:
    Nov 3, 2004
    #14
    Without specifics, that's meaningless. What application? Is it Apple's fault, the vendor's fault, or are you just sitting on an old version of something?
     
  15. FireArse macrumors 6502a

    Joined:
    Oct 29, 2004
    #15
    There are recent (July 2017) security updates for 10.11.6. Suggest readers get this installed because it'll likely cover the same vulnerabilities.

    F
     
  16. InuNacho macrumors 65816

    InuNacho

    Joined:
    Apr 24, 2008
    Location:
    In that one place
    #16
    A combination of all 3.
    Right now my main Mac is a 4,1 Mac Pro which cannot run anything beyond 10.11.6. I run the video production suite of CS6 and some obscure scanner software that hasn't been updated in forever but works wonderfully. I've tried experimenting with 10.11 and none of the software I use to run various scanners or printers plays nice. They crash or I get all kinds of errors.
    I don't see the point in paying Adobe to lease software that was perfectly usable a day before an update.
     
  17. SteveJobzniak thread starter macrumors 6502

    SteveJobzniak

    Joined:
    Dec 24, 2015
    #17
    You can flash the 4.1 Mac Pro with 5.1 firmware and it will install Sierra as if it was a 5.1.
     
  18. InuNacho macrumors 65816

    InuNacho

    Joined:
    Apr 24, 2008
    Location:
    In that one place
    #18
    Unfortunately that would only solve 1/3 of my problem.
     
