10.12.6 problems?

classic Classic list List threaded Threaded
11 messages Options
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

10.12.6 problems?

David Brostoff-2
On another list someone said the trackpad on his MacBook Pro behaved erratically after he updated to 10.12.6.

Anyone have this or any other problem with the update?

Thank you,

David


____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: 10.12.6 problems?

Al Varnell
The broadpwn security patch involving your WiFi chip is far more important than any trackpad behavior, but I know dozens with 10.12.6 on their laptops and none have reported any such problem. It's almost certainly a coincidence and probably a swollen battery.  If still feel you must wait, don't take your MBP out of your house or place of business.

-Al-

On Fri, Jul 28, 2017 at 08:33 PM, David Brostoff wrote:
>
> On another list someone said the trackpad on his MacBook Pro behaved erratically after he updated to 10.12.6.
>
> Anyone have this or any other problem with the update?
>
> Thank you,
>
> David



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: 10.12.6 problems?

@lbutlr
In reply to this post by David Brostoff-2
On Jul 28, 2017, at 9:33 PM, David Brostoff <[hidden email]> wrote:
> On another list someone said the trackpad on his MacBook Pro behaved erratically after he updated to 10.12.6.

I have 10.12.6 on two laptops (a 2015 MBP and a 2012 MBP) as well as on a couple of iMacs. No issues at all.

10.12.6 should be installed as soon as possible, as Al points out it patches a critical security flaw in the Wifi chipset that allows anyone within wifi range or your computer to gain access.

--
Apple broke AppleScripting signatures in Mail.app, so no random signatures.




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: 10.12.6 problems?

David Brostoff-2
In reply to this post by Al Varnell
On Jul 28, 2017, at 8:47 PM, Al Varnell <[hidden email]> wrote:
>
> The broadpwn security patch involving your WiFi chip is far more important than any trackpad behavior

Yes -- I had been waiting about a week as Adam had suggested.

David


____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: 10.12.6 problems?

David Brostoff-2
On Jul 29, 2017, at 11:57 AM, David Brostoff <[hidden email]> wrote:
>
> On Jul 28, 2017, at 8:47 PM, Al Varnell <[hidden email]> wrote:
>>
>> The broadpwn security patch involving your WiFi chip is far more important than any trackpad behavior
>
> Yes -- I had been waiting about a week as Adam had suggested.

Sorry -- make that as Josh Centers had suggested, in the article "Apple Releases macOS 10.12.6, iOS 10.3.3, watchOS 3.2.3, and tvOS 10.2.2."

"Given the security focus of these updates, we encourage you to update soon, but wait a week or so to make sure that they don’t suffer from unanticipated side effects."

David


____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: 10.12.6 problems?

Al Varnell
At the time Josh wrote that, there wasn't sufficient information available to know how to exploit that vulnerability. Since the details have been released, at least one person has published details on a "proof-of-concept" they wrote to exploit this vulnerability. It won't be much longer before somebody is attacked.  Regardless, it's been over a week now.

-Al-

On Jul 29, 2017, at 12:03 PM, David Brostoff <[hidden email]> wrote:

> On Jul 29, 2017, at 11:57 AM, David Brostoff <[hidden email]> wrote:
>>
>> On Jul 28, 2017, at 8:47 PM, Al Varnell <[hidden email]> wrote:
>>>
>>> The broadpwn security patch involving your WiFi chip is far more important than any trackpad behavior
>>
>> Yes -- I had been waiting about a week as Adam had suggested.
>
> Sorry -- make that as Josh Centers had suggested, in the article "Apple Releases macOS 10.12.6, iOS 10.3.3, watchOS 3.2.3, and tvOS 10.2.2."
>
> "Given the security focus of these updates, we encourage you to update soon, but wait a week or so to make sure that they don’t suffer from unanticipated side effects."
>
> David



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: 10.12.6 problems?

David Brostoff-2
On Jul 29, 2017, at 4:20 PM, Al Varnell <[hidden email]> wrote:
>
> At the time Josh wrote that, there wasn't sufficient information available to know how to exploit that vulnerability. Since the details have been released, at least one person has published details on a "proof-of-concept" they wrote to exploit this vulnerability. It won't be much longer before somebody is attacked.  Regardless, it's been over a week now.

Thank you for your rightful concern -- I only use WiFi when I travel overnight, which I haven't been doing lately, so I was not worried about being affected, and in any event have now updated, but this brings up another question:

Does a VPN protect a user from Broadpwn?

David




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: 10.12.6 problems?

Al Varnell
Not in any way. In fact, you don't even need to be connected to the WiFi router for a person nearby to inject malware onto your computer via this vulnerability.

-Al-

On Jul 29, 2017, at 8:24 PM, David Brostoff wrote:
> On Jul 29, 2017, at 4:20 PM, Al Varnell wrote:
>>
>> At the time Josh wrote that, there wasn't sufficient information available to know how to exploit that vulnerability. Since the details have been released, at least one person has published details on a "proof-of-concept" they wrote to exploit this vulnerability. It won't be much longer before somebody is attacked.  Regardless, it's been over a week now.
>
> Thank you for your rightful concern -- I only use WiFi when I travel overnight, which I haven't been doing lately, so I was not worried about being affected, and in any event have now updated, but this brings up another question:
>
> Does a VPN protect a user from Broadpwn?
>
> David



____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: 10.12.6 problems?

David Brostoff-2
On Jul 29, 2017, at 8:55 PM, Al Varnell <[hidden email]> wrote:
>
> Not in any way. In fact, you don't even need to be connected to the WiFi router for a person nearby to inject malware onto your computer via this vulnerability.

How is it injected?

David


____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: 10.12.6 problems?

David Brostoff-2
On Jul 29, 2017, at 9:37 PM, David Brostoff <[hidden email]> wrote:
>
> On Jul 29, 2017, at 8:55 PM, Al Varnell <[hidden email]> wrote:
>>
>> Not in any way. In fact, you don't even need to be connected to the WiFi router for a person nearby to inject malware onto your computer via this vulnerability.

OK -- I think I understand. Is this what you mean by not having to be connected to the router?

"He eventually spotted one crucial bug in particular, hidden in Broadcom's "association" process, which allows phones to search for familiar Wi-Fi networks before they connect to one. One part of the beginning of that handshake process didn't properly constrict a piece of data sent to it by the Wi-Fi access point back to the chip, a bug known as a "heap overflow." With a carefully crafted response, the access point could send data that corrupts the module's memory, overflowing into other parts of the memory to run as commands."

"How a Bug in an Obscure Chip Exposed a Billion Smartphones to Hackers"
<https://www.wired.com/story/broadpwn-wi-fi-vulnerability-ios-android/>

David




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Reply | Threaded
Open this post in threaded view
|  
Report Content as Inappropriate

Re: 10.12.6 problems?

@lbutlr
In reply to this post by David Brostoff-2
On Jul 29, 2017, at 9:24 PM, David Brostoff <[hidden email]> wrote:
> Thank you for your rightful concern -- I only use WiFi when I travel overnight, which I haven't been doing lately, so I was not worried about being affected, and in any event have now updated, but this brings up another question:
>
> Does a VPN protect a user from Broadpwn?

It does not. And unless you *disable* the wifi on the phone, your are vulnerable with iOS 10.3.2 or earlier. The flaw is in the firmware of the wifi controller, and does not require a connection to exploit.

The ONLY ways to protect yourself from Broadpwn is to either disable the wifi in your device or update to 10.3.3.

--
Apple broke AppleScripting signatures in Mail.app, so no random signatures.




____________TidBITS Talk Participation Guidelines____________
Post only when you have something substantive to contribute.
Be polite and constructive, and comment on posts, not people.
Quote sparingly, if at all. We all read the previous message.
Start threads with a new message to [hidden email].
Read archives at: http://tidbits.com/pipermail/tidbits-talk/
Unsubscribe at: http://tidbits.com/mailman/options/tidbits-talk
____Mailing List Manners: http://tidbits.com/series/1141 ____
Loading...