
  • Security patches for Apple – Sept 13

      • #2389529
        Susan Bradley
        Manager

        Security patches for Apple: https://support.apple.com/en-us/HT212807 Apple is patching two “in the wild” zero days – 1 in CoreGraphics (aka CVE-2021-3
        [See the full post at: Security patches for Apple – Sept 13]

        Susan Bradley Patch Lady

        3 users thanked author for this post.
      • #2389566
        Michael Austin
        AskWoody Plus

        Merci. And I noted at that site that, “Apple is aware of a report that this issue may have been actively exploited.”

        Finance, social and tech founder. Managing director of new crowd sourced games in pre-release development. Director on a new consortium to bring fractional ownership of heritage antiquities to the blockchain. My planet-wide talk show for people craving new stories by which to live is Casual Saints.
      • #2389581
        Susan Bradley
        Manager

        Susan Bradley Patch Lady

      • #2389615
        BillH
        AskWoody Plus

        How does one install these patches?

        Bill

        • #2389641
          Mele20
          AskWoody Lounger

          How does one install these patches?

          Bill

          I have Windows computers and an iPhone xr and iWatch series 5. I just did the patch on both devices (thanks to the alert by Susan here which I saw when I got on the computer today). Here’s what I do:

          Place both devices next to each other. Plug iPhone into power (I use USB ports on the front of my desktop computer as the most convenient way) and make sure the iWatch is plugged into power and the watch is sitting on its charger. If your iPhone is not on automatic backup, make a backup now. Then charge the iPhone to 50% power or more and then click on the gear icon, then General and then Software Update. Follow the instructions. After the update completes, THEN update your watch. (Open watch on your phone by clicking on the iWatch icon) and follow the instructions.

          Or, you can let the installations occur overnight if you have automatic update enabled on the iPhone. I don’t do this because of the danger of a fire while I am sleeping…it’s a small risk but I don’t take it. In fact, I completely turn off my iPhone at bedtime.

          Minor updates, like this one, take about 30 minutes to one hour here in Hawaii. Major update takes a lot longer especially if trying to get one right after Apple releases it.

          1 user thanked author for this post.
          • #2389653
            BillH
            AskWoody Plus

            Mele20,

            Thanks for the reply.  I don’t have an iPhone or watch… only an iPad.  I gather that the update process is similar to the iPhone.  I’ll give it a go.

            Thanks!

            Bill

        • #2389637
          CDN
          AskWoody Lounger

          Follow these steps:

          1. Plug your device into power and connect to the internet with Wi-Fi.
          2. Go to Settings > General, then tap Software Update.
          1 user thanked author for this post.
      • #2389642
        anonymous
        Guest

        I have been holding off downloading Big Sur update 11.5.2 because of reports that it causes the problem “you do not have permission to open the application when using a scanner on Mac.”

        The Apple Security Updates page now says 11.5.2 had no published cve entries and it is grayed out.  Does this mean this update has been pulled?

        I want to download the new update Big Sur 11.6 but do not want 11.5.2 to be a part of it.  Can anyone clarify this for me?  I currently have 11.5.1 installed and when I check About this Mac I am being offered Big Sur 11.6 — does this mean 11.5.2 has been pulled and no longer available?

        • #2389661
          Susan Bradley
          Manager

          https://support.apple.com/en-us/HT212804

          11.6 is the latest Big Sur version release that just got released today

          5 Things to Know About the macOS Big Sur 11.6 Update

          And I just have to say I really get annoyed with these types of reports.  “We’re hearing about installation issues, UI lag, issues with first and third-party apps, abnormal battery drain, Wi-Fi problems, lockups, freezes, and crashes.”  No links, no backup for these claims.   I had zero issues.  But just like with Windows, make sure you have a backup before installing updates.

          Susan Bradley Patch Lady

          • #2389678
            OscarCP
            AskWoody Plus

            Susan: I suspect that it is not news to you that the problems some people have are often caused by what some people do with their computers, that also often only a few do and, sometimes, even a minority of one does, so they are not of general concern. But are recited repeatedly in articles such as the one you have pointed out, because these are all the news there is. And also because drama, same as sex (as the saying goes), sells.

            Ex Windows user (Win. 98, XP, 7) since mid-2020. Now: running macOS Big Sur & sometimes, Linux (Mint)

            MacBook Pro circa mid-2015, 15" display, with 16GB 1600 GHz DDR3 RAM, 1 TB SSD, a Haswell architecture Intel CPU with 4 Cores and 8 Threads model i7-4870HQ @ 2.50GHz.
            Intel Iris Pro GPU with Built-in Bus, VRAM 1.5 GB, Display 2880 x 1800 Retina, 24-Bit color.
            Waterfox "Current" and (now and then) Chrome. also Intego AV and Malwarebytes for the Mac.

          • #2389722
            anonymous
            Guest

            Susan, Gotta Be Mobile copies and pastes the same text for every single article they publish about macOS updates. It annoys me because it’s not truthful reporting; it’s being lazy at best, and outright misinformation at worst.

            Re. macOS 11.5.2, that version of macOS is primarily a bug-fix release, with no security patches. Apple did not list it as a “recommended update for all users” and so there is no rush to install it, but I installed it and encountered no problems—in fact, some bugs I had with Big Sur, such as my iPhone not appearing in the Finder’s sidebar when connected to Wi-Fi even with the option to do so checked, were fixed in this update.

            macOS updates are cumulative, so if you install 11.6, you will also get the changes introduced in 11.5.2. Since 11.5.2 has been largely hassle-free, and since it’s been out for more than a month now, it is safe to install it.

        • #2389675
          OscarCP
          AskWoody Plus

          Anonymous #2389642 : There is a thread that deals with this problem with a comment with a simple fix for it, provided by Alex here:  https://www.askwoody.com/forums/topic/macos-big-sur-11-2-released/#post-2383657

          I tried and it solved the problem in my Mac right away and for good.


      • #2389666
        DrBonzo
        AskWoody Plus

        I wish Apple would be a bit more forthcoming about security vulnerabilities. A statement like ‘A specially crafted pdf file can cause problems.’ isn’t very helpful. As someone who’s been bitten to a greater or lesser degree by macOS patches – not to mention Windows and Linux Mint patches – I’ve come to view all patches with skepticism and always wait a few days or more before installing them. (Yes I have backups, images, etc, but it’s still not something I want to deal with.)

        In the present case, is it any specially crafted pdf file that one might encounter through email, web surfing, etc. or only those that somehow come through iMessage, as has been implied by various media articles? Are there any mitigations or work-arounds that can be implemented while waiting to see if the patch is safe? Are there any differences between the vulnerability in an iPad, iPhone, Mac, etc.? The only Apple products I have are Macs so am I safe if I just stay away from pdf files (well probably not if there really is no clicking required to get attacked)? Do I only need to worry if I’m a nation-state?

        Apologies if this sounds too much like a rant, but I actually am interested in answers to my questions. Any comments and/or insights would be appreciated.

        2 users thanked author for this post.
        • #2389745
          Susan Bradley
          Manager

          These particular zero days were used in attacks via iMessage on phones. They were targeted attacks and I did not see them used on the desktop, just the phones.

          Susan Bradley Patch Lady

          2 users thanked author for this post.
      • #2389667
        OscarCP
        AskWoody Plus

        DrBonzo: Sorry not to be able to answer in particular your questions on the bugs meant to be fixed by the new released patch to Big Sur. Now, generally speaking, I am never in a hurry to install anything and, being fearless by nature, I fear not the hacked PDF goblin. Or at least not enough to be compelled by fear of it, or of something like it, to install this patch, or any patch, in a hurry.

        In line with my idea of what is only prudent, I’ll wait a week or longer to do anything about this patch, keeping my ears open wide to hear any screams of anguish that might issue from the mouths of the early adopters.


        1 user thanked author for this post.
        • #2389673
          DrBonzo
          AskWoody Plus

          I also customarily wait before installing patches – usually 2 to 3 weeks – and at the moment am thinking I’ll do the same this time.

          Of course, this naturally leads to another aspect of patching that also leaves much to be desired: the role of the media and the security researchers. The former feel the need to overdramatize the situation probably in hopes that sensationalism sells, while the latter seem to be in constant need of trying to show off how smart they think they are. But by now I think we get it. Yes, bad things can happen, and yes, the white hat hackers are smart but why not try to explain things so the more typical users among us can understand just how imminent the threat is and what we can reasonably do to mitigate the problem while we wait to see just how safe a patch is?

          Well, while I’m at it, here’s one last thought for software writers/developers. Instead of waiting for the black hat hackers to find the vulnerabilities that exist and then reacting to that in trying to patch things up, why not put more effort into doing it right the first time, thereby minimizing the number of vulnerabilities in the first place.

          1 user thanked author for this post.
      • #2389676
        Alex5723
        AskWoody Plus

        Well, while I’m at it, here’s one last thought for software writers/developers. Instead of waiting for the black hat hackers to find the vulnerabilities that exist and then reacting to that in trying to patch things up, why not put more effort into doing it right the first time, thereby minimizing the number of vulnerabilities in the first place.

        I have a better idea. Why not develop an OS, browser, software… with no security holes so no security updates ? only updates for new features, new hardware support.. ?

        3 users thanked author for this post.
        • #2389681
          OscarCP
          AskWoody Plus

          If only!


        • #2389682
          DrBonzo
          AskWoody Plus

          I would love to see that, but I doubt that it’ll happen in my lifetime.

        • #2389744
          Susan Bradley
          Manager

          Never going to happen.  Software will always be found to have security issues. People write software with one intent and don’t always think about all the ways they can be used. Someone else will always find a vulnerability.

          Susan Bradley Patch Lady

          • #2389831
            OscarCP
            AskWoody Plus

            My thoughts exactly. Whatever is made by mortal hands is imperfect. This means that anything more complicated than scratching one’s nose (maybe) is going to have something not-quite right in it and that, sometimes, can be exploited by someone (an individual or a group) who looks hard enough to find a flaw and who, if then finds it, may be able to use it in a way that is very profitable (e.g. breaking and entering in data bases that are loaded with our PII, or planting ransomware, etc.), or for diabolic meddling (cyber attacks on critical public infrastructure), to our own sorrow.


      • #2389680
        Alex5723
        AskWoody Plus

        I wish Apple would be a bit more forthcoming about security vulnerabilities. A statement like ‘A specially crafted pdf file can cause problems.’ isn’t very helpful

        No software company will be a bit more forthcoming about security vulnerabilities as more details will enable hackers to hack unpatched systems or find a workaround.

        You won’t find any details in any CVE posts.

        • #2389684
          DrBonzo
          AskWoody Plus

          I’m not in the habit of complimenting Microsoft, but it seems that they do make some attempt to indicate the severity of some vulnerabilities, give some mitigations and workarounds, and some indication as to whether or not an attacker needs physical access to a computer. Some of that info can be helpful; for example, if I keep my computers physically secure and an attacker needs physical access, I’m inclined to think that a patch is not terribly important to me.

          1 user thanked author for this post.
      • #2389683
        OscarCP
        AskWoody Plus

        DrBonzo: “… another aspect of patching that also leaves much to be desired: the role of the media and the security researchers. The former feel the need to overdramatize the situation probably in hopes that sensationalism sells ….”

        Please see my related comment here: https://www.askwoody.com/forums/topic/security-patches-for-apple-sept-13/#post-2389678


        1 user thanked author for this post.
      • #2389700
        Alex5723
        AskWoody Plus

        DrBonzo wrote:
        I wish Apple would be a bit more forthcoming about security vulnerabilities. A statement like ‘A specially crafted pdf file can cause problems.’ isn’t very helpful

        Example from Google’s Chrome release notes :

        Note: Access to bug details and links may be kept restricted until a majority of users are updated with a fix. We will also retain restrictions if the bug exists in a third party library that other projects similarly depend on, but haven’t yet fixed.

      • #2389740
        PKCano
        Manager

        I have updated my 2-gen iPhone SE to iOS 14.8 with no apparent problems.
        I have updated my Intel-based Kaby Lake 21.5″ iMac4K to Big Sur 11.6 – using it as we speak.
        I am in the process of downloading/installing Big Sur 11.6 on my M1 MacMini – don’t anticipate any problems but will report them if I do. Will be using it for Patch Tues later today.

        There is a Security Update 2021-005 for MacOS Catalina.
        I will install it once Patch Tues rush is over, before updating the Win7/Win8.1/Win10/Win11 Insider VMs running on the Catalina machines. Also will report any problems.

        Update: M1 MacMini successfully updated to Big Sur 11.6. Currently in use here.

        2 users thanked author for this post.
        • #2389911
          anonymous
          Guest

          I think you meant “macOS Catalina”, not “iOS Catalina”.

          In any case, patches on my end went smoothly. I have an iPhone XR and an early-2020 13-inch MacBook Pro with Intel processor.

          iPhone XR updated from iOS 14.7.1 to iOS 14.8 with no problems. Update process (including download) took about 20 minutes.

          MacBook Pro updated from macOS Big Sur 11.5.2 to 11.6 with no problems. Update process (including download) also took about 20 minutes.

      • #2389748
        anonymous
        Guest

        OscarCP wrote:
        Anonymous #2389642 : There is a thread that deals with this problem with a comment with a simple fix for it, provided by Alex here:  https://www.askwoody.com/forums/topic/macos-big-sur-11-2-released/#post-2383657 I tried and it solved the problem in my Mac right away and for good.

        Hi OscarCP – one question:  was your scanner a Canon or an HP?  I see where Canon was involved but not sure about HP which is what I have.

        • #2389826
          OscarCP
          AskWoody Plus

          Anonymous: An HP 4650. It had the same problem being discussed here and I solved it as mentioned.

          Good luck with your printer.


          • #2389837
            anonymous
            Guest

            Thanks OscarCP.  I plan on waiting a few more days to update.

      • #2389839
        davinci953
        AskWoody Plus
      • #2389867
        anonymous
        Guest

        Anonymous: An HP 4650. It had the same problem being discussed here and I solved it as mentioned.

        Good luck with your printer.

        I bit the bullet and installed Big Sur 11.6 which included Big Sur 11.5.2.  All is well and I did not encounter the scanner error associated with 11.5.2.  Yipee!  I hope everyone else has as good an experience with their security patches.
