Apple releases macOS security update for plug-n-hack attacks


Apple released macOS High Sierra 10.13.1, Sierra 10.12.6, and El Capitan 10.11.6 on October 31st. What was not said is that the release included a patch for a vulnerability that affects fsck_msdos, a system tool that Apple includes to check and fix errors in FAT filesystems. The tool runs automatically when you connect a FAT-formatted USB or SD device to your Mac.

The bug that allows the plug-n-hack attacks

This vulnerability allows code to be executed with system-level privileges, which lets the external device take over your system.

How does the bug work?

The bug is a piece of code that fails to increase the value of a variable, which results in a value of "-1" and memory corruption. Hackers can use this to execute malicious code simply by plugging a USB device into your Mac. fsck_msdos reads external devices automatically, so the code runs without your permission.
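The pattern described above (a counter that is not incremented, leaving an index of -1) is shown here as an added illustration in C. This is not code from fsck_msdos or from the original post; the struct, function names and sizes are hypothetical.

```c
#include <stddef.h>
#include <string.h>

#define FRAG_LEN  13   /* constructed fragment size, not taken from the page */
#define MAX_FRAGS 4    /* constructed buffer capacity in fragments */

/* Hypothetical parser state for a name assembled from fixed-size fragments. */
struct name_state {
    int  count;                        /* fragments stored so far */
    char buf[MAX_FRAGS * FRAG_LEN];
};

/* Defective pattern: the first-fragment path forgets to increment the
 * counter, so (count - 1) becomes -1. Only the offset is computed here;
 * nothing is written, so the sketch is safe to run. */
static long offset_missing_increment(struct name_state *st, int is_first)
{
    if (!is_first)
        st->count++;                   /* increment skipped when is_first */
    return (long)(st->count - 1) * FRAG_LEN;
}

/* Hardened pattern: validate the counter against the buffer, always
 * increment, then copy. Returns 0 on success, -1 if rejected. */
static int store_fragment(struct name_state *st, const char *frag)
{
    if (st->count < 0 || st->count >= MAX_FRAGS)
        return -1;                     /* corrupt state or buffer full */
    st->count++;
    memcpy(st->buf + (size_t)(st->count - 1) * FRAG_LEN, frag, FRAG_LEN);
    return 0;
}

int main(void)
{
    struct name_state st = {0};
    const char frag[FRAG_LEN] = "ABCDEFGHIJKL";   /* constructed input */

    long bad = offset_missing_increment(&st, 1);  /* lands before buf */
    int ok = store_fragment(&st, frag);           /* stored at offset 0 */
    return (bad == -FRAG_LEN && ok == 0) ? 0 : 1;
}
```

A negative offset like the one the defective function returns points before the start of the buffer, which is why a single missed increment in a parser that runs automatically on attached media turns into memory corruption.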

Other devices affected in a similar way

The bug (CVE-2017-13811) affects Android too. The same fsck_msdos utility is also found in other systems such as Linux, Android, and BSD.

As of today, Android does not plan to issue a fix, although they might change their minds in the near future. I recommend you update your Macs to a new version for protection.
