OpenSSH exploit affects Mac OS X users

alpantheralpanther
Posted:
in macOS edited January 2014
Don't get too worked up it's disabled by default; but if you have a version prior to 3.7 and have it enabled you may want to upgrade.



From MacNN

SecurityFocus BUGTRAQ

Comments

  • Reply 1 of 15
    wjmoorewjmoore Posts: 210member
    Quote:

    Originally posted by AlPanther

    Don't get too worked up it's disabled by default; but if you have a version prior to 3.7 and have it enabled you may want to upgrade.



    From MacNN

    SecurityFocus BUGTRAQ



    Or disable it until Apple releases an update.
  • Reply 2 of 15
    kickahakickaha Posts: 8,760member
    Or nail it down to trusted IPs with the Firewall, like I did.



    Port 22 is ssh, allow only traffic from IPs that you know you're going to be using.



    I figure if they are that concerned with hacking my piddly home box that they take the trouble to snoop my connections, learn the IPs I'm using, spoof them, then crack ssh... let 'em. I'm not that concerned.
  • Reply 3 of 15
    xoolxool Posts: 2,460member
    Come on Apple... where's my Security Update?
  • Reply 4 of 15
    chealionchealion Posts: 16member
    I'm not at home, so I can't check, but didn't Fink have the latest version, 3.7.1 or something which isn't affected?
  • Reply 5 of 15
    wjmoorewjmoore Posts: 210member
    Quote:

    Originally posted by Xool

    Come on Apple... where's my Security Update?



    They usually take a week (if they're quick) to fix things like this.
  • Reply 6 of 15
    xoolxool Posts: 2,460member
    You think this security update will just be included in 10.2.8?
  • Reply 7 of 15
    eugeneeugene Posts: 8,254member
    Quote:

    Originally posted by Xool

    You think this security update will just be included in 10.2.8?



    What about 10.1.x users? IMO, security updates should be offered in elemental form.
  • Reply 8 of 15
    xoolxool Posts: 2,460member
    Quote:

    Originally posted by Eugene

    What about 10.1.x users? IMO, security updates should be offered in elemental form.



    Lol. And they fix it for 10.2.8, but not for my G5! Doh!
  • Reply 9 of 15
    addisonaddison Posts: 1,185member
    I have noticed that whilst somethings take ages to fix Apple is really hot on security issues. I commend their speed, it really puts MS to shame.
  • Reply 10 of 15
    wjmoorewjmoore Posts: 210member
    Quote:

    Originally posted by WJMoore

    They usually take a week (if they're quick) to fix things like this.



    6 days, not far off eh!
  • Reply 11 of 15
    gabidgabid Posts: 477member
    Quote:

    Originally posted by Xool

    Lol. And they fix it for 10.2.8, but not for my G5! Doh!



    I'll second that sentiment. Right there with you waiting for a G5 update...
  • Reply 12 of 15
    willywalloowillywalloo Posts: 408member
    10.2.8 doesn't look like it's made for the 64-bit support...that would be the major reason. 10.2.7 is the first version that does.



    Panther 10.3 (7b53) works great on the G5, and there is even a speed increase when going from 10.2.7 to Panther !
  • Reply 13 of 15
    xoolxool Posts: 2,460member
    Nobody is commenting much on the latest Panther builds. We all know it should be FC x status soon. I'm just waiting to download the GM from ADC and slap it on all sorts of good stuff -- G5 especially.
  • Reply 14 of 15
    xoolxool Posts: 2,460member
    Back on topic....



    Still no SSH patch for my G5. In fact, now that 10.2.8 has been pulled, there's no fix for my other boxes either.
  • Reply 15 of 15
    xoolxool Posts: 2,460member
    Still waiting. Although I heard that 10.2.8 was rereleased. Not showing up on my Ti and I even when it does, I doubt it will help my G5. Grrr....
Sign In or Register to comment.