Canadian Mac Forums at ehMac banner

Apple releases Security update for Mac, iOS, and Safari

2726 Views 19 Replies 10 Participants Last post by  Macfury
The latest update is getting a lot of news today. The security vulnerability can allow attackers to take full control of your device. Info from Apple Support is here. Apple security updates

The latest versions are...
1 - 5 of 20 Posts
There's no mention on the security vulnerability of older versions of the OS. I have to assume that they're vulnerable as well, but there seems to be no options for those of us that can't upgrade to the latest OS.
Well, first, that's not true. There are plenty of third party anti-virus utilities that will protect you from any exploit in the wild for the Macintosh. There are even entirely free ones. So you are flush with options.

Second, even if you have an older Mac, and even if it has a potential vulnerability that isn't patched, it's highly unlikely that you are going to see an exploit for that vulnerability.

Here’s the thing. Modern malware is almost exclusively written for financial gain. (With the odd bit of malware written to target a particular socio-political group, usually in the far east. These exploits usually aren’t seen in the west.) Whether it is to serve up ads, or to scam users out of their money, it is all about a profit motive.

In addition, modern malware tends to take a significant amount of time and money to write. The Mac isn’t easy to write malware for, and when a potential vulnerability in the Mac is found, the bad guys have to strike as quickly as possible before it is patched. But “striking quickly” usually still means that it will take months to push out a new exploit, representing a large investment in time and money.

Also, since it apparently has proven to be exceedingly difficult to write actual viruses (i.e. self-propagating/diseminating malware) for the Mac, any malware written for the Mac will almost certainly be a Trojan Horse that will be very difficult to disseminate to a large audience before it is discovered and shut down.

So, the bad guys are looking for potential vulnerabilities that Apple doesn’t know about, which are likely to go unpatched for many months into the future, they want any exploit that they write to have the maximum number of potential victims, and they want to be able to reach as many of those victims as possible, as quickly as possible. This is all a difficult feat.

Presumably, even if older versions of the Mac OS are just as vulnerable to a newly discovered potential vulnerability in the Macintosh as newer Macs are, once the majority of newer Macs have been patched, it will become uneconomical for the bad guys to target this vulnerability. By the time that the bad guys are able to push an exploit out, there will be way too few potential targets left to infect to be able to recoup the investment of time and money they put into creating the exploit.

At least that's the way that it has tended to work out in the past. Owners of old Macs haven’t been beset by unpatched-against malware. Estimates of the numbers of users still using older versions of the Macintosh OS tend to show that there are surprisingly few users of versions that are so old that they no longer receive any security updates from Apple.

Global macOS version market share 2018-2021 | Statista

So, older Macs by themselves simply aren’t a viable target for malware writers. And existing malware that can no longer effectively target recent Macs tends not to remain in the wild because it can’t self-replicate/disseminate, so it isn’t a significant threat to older Macs.

If it does occur that there is a bit of malware in the wild that is patched in newer Macs, but which is still going around infecting older Macs (and this has been the case years ago), it’s extremely likely that someone in the Macintosh community will come up with a free patch (which, once again, was the case in the past).

As long as Apple remains fairly diligent about patching against security vulnerabilities in the most recent versions of the Mac OS, the entire Macintosh community should remain safe due to a sort of “herd immunity” effect.

That's why I'll never buy another Mac. This built in obsolescence is outrageous.
Well, best of luck to you finding an operating system and computing platform better than the Macintosh. I'm sure that we will all miss you. Please write now and then and tell us all about how much better your (different) computer is. I'm sure that we would all be fascinated to hear about what that better computer is.
See less See more
  • Like
Reactions: 2
... when I try to install what is presumably the latest Security Update for this OS, 2020-006, it won't complete & tells me this update is no longer recommended.
Let me suggest that you try this free utility:

SilentKnight (free)

SilentKnight checks to see if you have the latest Apple security update installed, and if you don't, you can download and install it right from within the program.

Lastly, I'd appreciate your suggestions for free AV software. I've been using free Malwarebytes but it tells me its updates are not current & "Check for Updates" does nothing. Scanning still works but it worries me I'm out of date to threats.
I'm extremely leery of MalwareBytes since they came out with the nagware/commercial version. Download:
EasyFind (free)

and do a search for "MalwareBytes" on your Mac if you have MalwareBytes installed. You will find as many as 24 files (the number, oddly, varies for each user) for MalwareBytes installed all over your system. What do you think that they are all doing? I'd use EasyFind to delete all traces of MalwareBytes from your system.

I now recommend this very similar, but entirely free program instead of MalwareBytes for dealing with adware:

DetectX Swift (free)

While DetectX Swift is a very effective product for dealing with adware, contrary to what it says on their Web site, it is not a comprehensive anti-malware program.

For comprehensively dealing with malware I recommend:

VirusBarrier Free Edition (free)
This is a full version of Intego's excellent commercial anti-virus program VirusBarrier [usually $40/year] minus some [but not all] of the automated scanning features in the commercial version. This isn't just a nice free product, in the past VirusBarrier has won all the believable third party anti-virus comparison tests.
See less See more
I’m not sure if a user should use more than one malware checker. MWB seems to work free. Should I care what those 24 pieces are doing? I mean, it’s overreach but so what? (FAF found 24!)
Well...hmmm...think about it. You're using a free utility. So they aren't making money from you paying for the utility. How might they be making their money? Might it be the same way that Google makes their money from their free utilities? Might those 24 files be doing something like...spying on you?

When I see a software application that has installed a huge number of files deeply in my Mac's system, for no discernible reason, that rings an alarm bell in my head. It doesn't for you?

Doesn’t EasyFind do the same job as Find Any File? (Also donationware.)
EasyFind is free, not donationware. But, yes, they do the same thing. The point isn't that you specifically need EasyFind, but that I was suggesting that you use something that will search everywhere on your hard drive. Spotlight won't suffice at it only searches where Apple wants you to be searching.
See less See more
Randy, I'm not sure I understand this criticism. It's perfectly easy to continue to use Malwarebytes for free without hassles.
II thought that my concerns were clear, and they really have nothing to do with whether or not Malwarebytes is free. The free vs. pay argument sounds to be purposely obfuscating the issue that I was pointing out.

For others reading, if you have Malwarebytes installed and you decide to remove it, please don't do it this way. This is nothing against EasyFind, which is an excellent tool for finding things... but it is absolutely NOT the right tool for uninstalling software. Instead, use the Malwarebytes uninstaller, which will properly remove everything, ensuring that any actively running Malwarebytes processes are terminated without requiring a restart.
The very fact that Malwarebytes has components that are running outside and separate from the main program itself, thus requiring a special uninstaller program to remove them, seems very disturbing to me.

I'm not going to get into an argument with you over it, but Malwarebytes has had dishonest advertising in the past, and it now has a very invasive program, at a low level in the Mac OS. There are alternatives to Malwarebytes for which I can't level the same concerns, so personally I recommend them over Malwarebytes.

There are, of course, weasels who would invite someone like you here to argue over this, and speak out of both sides of their mouth. Other list members should take note of this.
See less See more
What exactly is your concern here, and why are you not leveling that same concern at Zoom, Adobe, Microsoft, and countless others?
Exactly. Many folks DO have those same concerns about those programs. In fact, when Covid hit and Zoom became extremely popular overnight, folks leveled a lot of criticism at Zoom for being extremely suspect with regard to security. In response, and seeing the need to become more trustworthy during the crisis, Zoom quickly re-engineered it's platform to be less invasive and more trustworthy. (Many folks STILL have their doubts about how trustworthy Zoom is.)

I assume that I don't need to tell you how many (most?) folks feel about how trustworthy Microsoft and Adobe are. Brilliant examples, thank you.

So, wait a minute here... you're saying that someone who made me aware of the things you were saying about me and my product behind my back is a "weasel?"
Oh yes, he is most definitely a weasel. He's outed himself to everyone here. (But from what I'm hearing, it's not a huge revelation.)

As far as the things that I've said about you and your product "behind your back" (in a very public forum)....I haven't said anything derogatory about you personally (in fact, I've called you "a superhero") other than that you are now an employee of a company and you have a vested interest. Don't try to tell me that you don't. If you didn't you'd still be writing articles doing unbiased reviews and comparison tests of all the AV programs available. But you aren't. You are now a commercial developer on a payroll. No one expects you to say anything other than that your company's product is great. Forgive me, but most developers know enough to STFU in a forum such as this, unless they can simply point to unbiased testing of their product from a source with no financial interest (most AV testing sites these days are either thinly veiled shill sites, or they are extremely suspect because they don't divulge their methodology and their results don't pass the smell test). Ironically, the last really good, reliable source for that was your own SafeMac Web site (which I still often cite to even though it is mostly out of date).
See less See more
1 - 5 of 20 Posts
This is an older thread, you may not receive a response, and could be reviving an old thread. Please consider creating a new thread.