Hi Ronni … and thank you once again, I have not used the sleep function since I discovered that was ejecting my Backup Drive. I recall yourself or someone else at WAMUG suggesting that later iMacs sleep using so little power that USB Hard Drives tend to eject because of this. The suggestion was that HD manufacturers needed to catch up with Apple’s technology. Unfortunately I am still waiting for that.
So I really just mentioned the Malware business in case others might not be aware of it. > On 8 Jun 2015, at 8:00 am, Ronda Brown <ro...@mac.com> wrote: > > Hello Stephen, > > I don't think you need to unduly worry about this report, the original > mention of this came out over a week ago, and I'm sure Apple are aware of > this 'Report' and if necessary they would release a firmware and/or security > update. > > If you feel more comfortable don't let your Mac go to sleep. > Or shutdown your Mac. > > Symantec mention in their report: > > "Affected Mac users are advised to keep their software up to date since > remote exploit of this vulnerability needs to be performed in conjunction > with another vulnerability that will provide remote root access. > Updating software will prevent attacks using known exploits." > > "Symantec said there had been no reports of the vulnerability being exploited > in the wild. However, it did stress the likelihood of attacks" > --- > I tend to agree with jcrhunter comments, that this is a hypothetical problem. > > Quote: > jcrhunter <http://www.cnet.com/profile/jcrhunter>Jun 6, 2015 > If I understand the statement from Symantec this vulnerability requires a > simultaneous root access vulnerability to exploit. The article states "While > such (root) vulnerabilities are not widespread, they do emerge from time to > time" but it doesn't state if there are any root access vulnerabilities at > the current time. > > If you need two things to take over a Mac but only one exists then I don't > see how this is anything other than a hypothetical problem. It could be an > issue if there were also a root access exploit, but there's not so how is > this "critical" in the absence of root access? And if the attacker already > had root access wouldn't that be the bigger problem? > > > > > Cheers, > > Ronni > > Sent from Ronni's iPad4 > > > > On 7 Jun 2015, at 4:04 pm, Stephen Chape <chap...@bigpond.com > <mailto:chap...@bigpond.com>> wrote: > >> Should we be worried about this ? >> >> http://www.cnet.com/news/symantec-confirms-existence-of-unpatched-rootkit-mac-security-flaw/?tag=nl.e703&s_cid=e703&ttag=e703&ftag=CAD090e536 >> >> <http://www.cnet.com/news/symantec-confirms-existence-of-unpatched-rootkit-mac-security-flaw/?tag=nl.e703&s_cid=e703&ttag=e703&ftag=CAD090e536> >> >> >> Regards, >> Stephen Chape >> > -- The WA Macintosh User Group Mailing List -- > Archives - <http://www.wamug.org.au/mailinglist/archives.shtml> > Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml> > Settings & Unsubscribe - > <http://lists.wamug.org.au/listinfo/wamug.org.au-wamug> Regards, Stephen Chape
-- The WA Macintosh User Group Mailing List -- Archives - <http://www.wamug.org.au/mailinglist/archives.shtml> Guidelines - <http://www.wamug.org.au/mailinglist/guidelines.shtml> Settings & Unsubscribe - <http://lists.wamug.org.au/listinfo/wamug.org.au-wamug>
