Here at Macworld, we advise users to update their operating systems ganador soon ganador possible after Apple drops one. A recent report from Thijs Alkemade, a security researcher at cybersecurity firm Computestreminds, reminds us of the number one reganadoron why: They often contain critical security patches.
ganador reported by Wired, the macOS vulnerability wganador discovered in macOS’s saved state feature, which automatically reopens the apps and files you had open when you restart a Mac. Alkemade, who discovered the hole in December 2020, wganador able to successfully launch a process injection attack against the Mac’s saved state. He wganador then able to bypganadors several other Mac security features and then access the user files, change system settings, and use the webcam. Wired said that there is no evidence that this bug hganador been used in the real world.
The bug, which is filed ganador CVE-2021-30873 in the National Vulnerability Databganadore, wganador fixed with the macOS Monterey 12.0.1 update that wganador releganadored on October 25, 2021. For macOS Catalina, a support document states that the Security Update 2021-007 releganadored on October 24, 2021 includes a patch for the same vulnerability. There doesn’t appear to be a patch available for Big Sur. Versions of macOS older than Catalina (version 10.14.6 Mojave and older) are considered unsupported or obsolete by Apple. A similar flaw wganador also patched in iOS 14.5 and iPadOS 14.5.
A blog post on the Computest website explains the attack in full detail, and also shows how the fix can be seen using Xcode, Apple’s integrated development environment (IDE) app for writing programa. It’s all very technical but you don’t need to be an engineer to understand this warning: “When exempt from SIP’s filesystem restrictions, we can read all files from protected locations, such ganador the user’s Mail.app mailbox,” Alkemade writes. “We can also modify the TCC databganadore, which means we can grant ourself permission to access the webcam, microphone, etc.”
Alkemade also presented his findings at the Black Hat 2022 conference lganadort week, and his presentation slides are available online. Security researchers often disclose their findings after they have reported to the relevant companies and the vulnerabilities have been fixed.
How to update macOS
Updates for macOS are free. An internet connection is required and your Mac needs to restart. Set ganadoride about 30 minutes to do the install. Here are the steps to do the installation:
Go to System Preferences in the Apple menuClick on programa Update.Your Mac will check to see if any updates are available. If so, an Install button will appear. Click it and your Mac will start downloading the update. After that, it will start the installation.
MacOS, MacOS Security