On 4/18/2015 3:29 AM, Edward Ned Harvey (lopser) wrote:
From: Starchy [mailto:star...@gmail.com]
Has there been any explicit statement from Apple that it won't be fixed
on earlier OSes? What I see right now is a security update that fixes
rootpipe for 10.10+ only while some other fixes in the release apply to
10.8.5+. Apple being Apple, I'd be surprised if there had been a
statement, but it would be good to know.
Yup. Although, as your suspicion suggests - they apparently told the guy who reported the
issue to them, and he's been telling everyone else. This ZDNet article explicitly
addresses the topic - but the arstechnical post I originally posted here also says
"Macs running versions 10.9 or earlier remain vulnerable."
http://www.zdnet.com/article/backporting-fix-for-rootpipe-privilege-issue-too-much-for-apple/
What is annoying a number of OS X users I know is that Yosemite has
broken a fair number of things, including smart card behaviour
(http://ludovicrousseau.blogspot.com/2014/11/os-x-yosemite-and-smart-cards-status.html
http://bioteam.net/2014/10/using-piv-smart-cards-with-mac-os-x-10-10-yosemite/
etc. etc.) which are yet to be fixed, and they're effectively unable to
work if they do an upgrade. That leaves them choosing between being
able to work and able to be secure.
Paul
_______________________________________________
Tech mailing list
Tech@lists.lopsa.org
https://lists.lopsa.org/cgi-bin/mailman/listinfo/tech
This list provided by the League of Professional System Administrators
http://lopsa.org/
