←back to thread

Apple Confirms Zero-Day Attacks Hitting macOS Systems

(www.securityweek.com)
262 points fortran77 | 2 comments | 20 Nov 24 00:26 UTC | HN request time: 0.424s | source
Show context
acdha ◴[20 Nov 24 00:43 UTC] No.42189685[source]
Interesting that they’re mentioned as only being exploited on Intel. Has anyone seen whether that’s because the attacker only targeted that platform or is it actually stopped by something like pointer protection?
replies(3): >>42189761 #>>42189809 #>>42189932 #
justinclift ◴[20 Nov 24 01:02 UTC] No.42189809[source]
Doesn't seem to completely line up that they're rushing out iOS updates (ie for phones, etc) for something they're saying they've only confirmed on Intel cpus.

Unless they're assuming it's exploitable on Apple Silicon as well, or are being extra careful just in case.

replies(7): >>42189876 #>>42189883 #>>42190175 #>>42190448 #>>42190733 #>>42190776 #>>42190850 #
2muchcoffeeman ◴[20 Nov 24 01:16 UTC] No.42189876[source]
There must be millions of Intel Macs still around. Why wouldn’t they update it?
replies(2): >>42189894 #>>42189940 #
wannacboatmovie ◴[20 Nov 24 01:26 UTC] No.42189940[source]
Well for starters, they stopped providing any updates for many perfectly functional Intel Macs years ago for no other reason than planned obsolescence. A side effect of the "they make both the hardware and software that's why it's better" paradigm.

Things like OpenCore Legacy Patcher prove it's possible; they just don't want to.

I don't think anyone feels entitled to new features in perpetuity. Security updates only would be fine thank you.

Don't tell me the richest company in the world can't pay for a couple of developers who just want to rest and vest to take care of and test the legacy platforms. A cushy job and you keep the customers happy.

Ironically the best way to stay safe on these computers is to install Windows or Linux.

replies(2): >>42190072 #>>42190100 #
StressedDev ◴[20 Nov 24 01:46 UTC] No.42190072[source]
Software needs longer support life cycles in general. I find it frustrating that organizations do not support operating systems, hardware, and applications for at least 10 years. Note Apple is one of the better organizations on this. Consumer router companies are notorious for shipping unpatched software. Here is what I would like to see:

1. All hardware and software should come with a highly visible end of support date.

2. All hardware and software should notify people when it is no longer receiving security patches. It should also explain to users why running unpatched software or hardware is dangerous.

replies(2): >>42190425 #>>42191523 #
wannacboatmovie ◴[20 Nov 24 02:51 UTC] No.42190425[source]
To my knowledge Apple has never published EOL or support dates in the future. Someone correct me if something has changed in the last few years.
replies(1): >>42190513 #
wtallis ◴[20 Nov 24 03:11 UTC] No.42190513[source]
https://support.apple.com/en-us/102772 outlines "vintage" and "obsolete" status for hardware products, with a few exceptions. I'm not aware of a similarly straightforward criteria or comprehensive list for software support periods.
replies(3): >>42190577 #>>42190671 #>>42191439 #
1. philistine ◴[20 Nov 24 03:49 UTC] No.42190671[source]
That list relates strictly to hardware repairs. Vintage macs have often been fully supported software-wise.
replies(1): >>42190715 #
2. wtallis ◴[20 Nov 24 03:59 UTC] No.42190715[source]
Yes, I'm fully aware that the support article I linked to is specifically about hardware support—that's why I mentioned that there isn't a similar list for software support.