- This is an addendum to the Increments page specifically for Mac OS GPU Selection So, What AMD GPUs Aren’t Safe? As far as we can tell from our (extensive) research, Hawaii cards (The R9 290, 290X, 390, and 390X) are the first cards that shipped with the reset bug.
- I should have checked the git issues before, but I can confirm the bug on Firefox 42 on OS X 10.11. Behaves like expected in all other browsers. Removed will-change and it seems to work again in Firefox.
- Apple's Fast User Switching — introduced in 2003's OS X Panther, and a convenient security feature — is reportedly causing problems with some M1 Macs. The feature lets users have more than one.
Apple in macOS Big Sur 11.3 fixed a bug that could have allowed attackers to bypass the Mac's security mechanisms with a malicious document.
The software flaw allowed attackers to create a malicious application that could masquerade as a document, TechCrunchreported Monday. Security researcher Cedric Owens first discovered the bug in March.
According to Owens, 'all the user would need to do is double click — and no macOS prompts or warnings are generated.' The researcher created a proof-of-concept app that exploited the flaw to launch the Calculator app.
'There appears to be a serious bug in macOS High Sierra that enables the root superuser on a Mac with with a blank password and no security check.'
Although Owens' demonstration app was harmless, a malicious attacker could have leveraged the vulnerability to remotely access sensitive data or other information on a user's machine by tricking them into clicking a spoofed document.
Security researcher and Mac specialist Patrick Wardle also reported that the bug is being actively exploited in the wild as a zero-day vulnerability. He added that the flaw was caused by a logic issue in macOS's code.
Apple told TechCrunch that it patched the bug in macOS Big Sur 11.3, which the Cupertino tech giant released on Monday. In addition to that release, Apple also issued patches for the flaw to macOS Catalina and macOS Mojave.
In addition to patching the specific vulnerability, Apple's macOS Big Sur 11.3 update also includes fixes for a bevy of other security flaws.
Ahhhh Bugs Mac Os X
macOS Big Sur 11.3 should now be available as an over-the-air update to all users on compatible Macs.
AppleInsider has affiliate partnerships and may earn commission on products purchased through affiliate links. These partnerships do not influence our editorial content.
Heartbleed. Shellshock. Well we’ve learned the names of these dangerous bugs that sound like Taylor Swift song titles. Heartbleed affected virtually every website out there. It was a notorious bug that had laid dormant for years and while the fix was easy, it had to be implemented by every individual developer.
Security expert Robert Graham says Shellshock is bigger than Heartbleed.
I think I was wrong saying #shellshock was as big as #heartbleed. It’s bigger.
— () {:;}Robert Graham (@ErrataRob) September 25, 2014
So what exactly is this Shellshock bug and how does it affect your Mac? Let’s talk about it and the solution.
What Is Shellshock?
Underneath the graphical user interface runs code – commands that run processes and provide you with the output on the screen.
In Bash, the command line interface in OS X, a string of text can be stored as a variable. Programmers turn text into variables so they don’t have to type them again and again.
For example you can say:
Z ='this is a long string of text'
And later on if you say echo $Z, the command line will insert the text where you want it. This is meant to be treated as text and not as a command. And this is where the bug is.
In the Bash command line used by Linux and OS X, if you type a certain character at the start of the variable, you can turn it into a command.
The text being: () { :;};
This means that commands that were not sanctioned by the system or the developer, even commands that are blocked due to their malicious or disruptive nature can run if they have this prefix.
Shellshock (or the Bash bug if we’re being technical) is only limited to UNIX based systems. Meaning OS X and Linux. Windows users are not affected by this bug.
For a more technical explanation check out Vox’s excellent breakdown of the Shellshock bug. Alternatively, check out the video below for the same simple explanation, in a British accent.
How Does The Shellshock Bug Affect You
Directly, it does not.
But while apps in OS X run in a sandboxed mode, they do talk to each other – to offload tasks to other apps or to ask for system level functionality. All this talk takes place using code, in the Terminal.
During one of these exchanges, one app can add the prefix in the quotes and turn it into a command. These commands can either wipe your computer, render it useless, copy the contents of your drive or any number of things possible via the command line.
How To Patch The Shellshock Bug
Fortunately, Apple has said that only a small number of OS X users are susceptible to the Shellshock bug. But it’s advisable that if you are on a Mac running OS X Lion, Mountain Lion or Mavericks, install the fix update from the links below. There’s no fix for Yosemite beta users yet.
- Lion
- Mountain Lion
- Mavericks
The update for Mavericks is only 3.2 MB and comes as a DMG file. The process of installation is simple and you don’t even need to restart your Mac.
It’s a standard package installer in a DMG file. Open the installer and press Next a couple of times and the update will be installed.
Ahhhh Bugs Mac Os Catalina
That’s about it. Stay safe.
Top image via Shutterstock
The above article may contain affiliate links which help support Guiding Tech. However, it does not affect our editorial integrity. The content remains unbiased and authentic.
Read Next
Ahhhh Bugs Mac Os Download
Alfred 4 vs Spotlight: Should You Replace Spotlight on Mac
Alfred 4 is a worthy competitor to