Multiple OS X Vulnerabilities Discovered

August 10, 2015

IT Services is advising the SFU community that a number of serious OS X vulnerabilities have been discovered for which there are presently no vendor patches.

These are NOT viruses, but they do present a real security threat.

General

In recent months, Apple's OS X Desktop operating system has been the target of a number of serious exploits. Some of the vulnerabilities have been disclosed, while others, like the firmware "worm", have not been made public.

Apple has announced forthcoming fixes for the vulnerabilities listed above, but it is unlikely these patches will be back-ported to legacy operating systems.

We therefore strongly recommend ALL SFU users upgrade to Apple's latest operating system, OS X 10.10 (Yosemite).

SFU-owned Machines

Users with SFU-owned machines should contact their local IT support to arrange an appropriate time to upgrade. IT Services technicians will help you to upgrade your machine safely.

Personal Machines

SFU community members with personal machines can upgrade their own machines via the Apple App Store. This is a FREE upgrade, but you should make sure you have an up-to-date backup before proceeding.

In the meantime...

Play it Safe!

Although the firmware "worm" is NOT yet in the wild and has only been disclosed to Apple, SFU users are encouraged to use caution when using any USB or Thunderbolt peripherals. Controlling physical access to your machine is the best precaution.

More serious is the privilege escalation exploit recently discovered in the wild. This exploit is more difficult to control because it does not require physical access.

ALL SFU Mac users should be aware that vulnerabilities in OS X are being actively exploited by malicious websites and "downloadables".

Mac users need to exercise extreme caution when browsing the web, especially on untrusted sites: DO NOT click unknown links in emails or browser pop-ups.

Unlike many previous vulnerabilities, these new exploits require NO administrative access to penetrate the system -- passive web browsing may be all that is required to compromise your machine.

Stay Up-to-Date!

While it needs no explanation, your best protection against threats such as the ones described above is to ensure you patch your machine in a timely fashion.

SFU Managed Mac users will be reminded once a day to update their machines; please take the time to install those patches! Home or personal machines should also remind you of pending updates regularly.

Questions?

Queries regarding upgrade options should be directed to your local IT Support or directly to the vendor if you have a personal machine.

General inquiries are also welcome at: mac-help@sfu.ca
