Recent Security Issue Question

Joined
Feb 24, 2011
Messages
930
Reaction score
33
Points
28
Location
Los Angeles
What am I supposed to do in regard to the recent discovery of a security flaw in OS? I'm using Firefox for banking right now, but I want to go back to Safari.

I'm using OS X 10.6.8. I have no idea if that is Mavericks or Snow Leopard or Fluffy the Cat. Do I download the free Mavericks from the App Store?

Thanks.
 

pigoo3

Well-known member
Staff member
Admin
Joined
May 20, 2008
Messages
44,210
Reaction score
1,418
Points
113
Location
U.S.
Your Mac's Specs
2017 15" MBP, 16gig ram, 1TB SSD, OS 10.15
What am I supposed to do in regard to the recent discovery of a security flaw in OS? I'm using Firefox for banking right now, but I want to go back to Safari.

I'm using OS X 10.6.8. I have no idea if that is Mavericks or Snow Leopard or Fluffy the Cat.

What security flaw are you talking about? Are you 100% sure there's a security flaw? If you don't know the proper OS name for 10.6.8…I'm thinking you're not an OS security expert either.

No disrespect intended. OS names are a lot easier topic than OS security.:)

Do I download the free Mavericks from the App Store?

Yes you could do that. But be aware that if your computer is currently running OS 10.6.8 (Snow Leopard)…upgrading to "Mavericks" (10.9.2) is a BIG all at once upgrade (three versions newer). It's very possible that if you have some "paid-for" installed apps…that the OS upgrade to 10.9 may make them non-compatible (you need to check on app compatibility).

- Nick
 
Joined
Jan 19, 2008
Messages
4,695
Reaction score
73
Points
48
Location
houston texas
Your Mac's Specs
09 MBP 8GB ram 500GB HD OS 10.9 32B iPad 4 32GB iPhone 5 iOs7 2TB TC Apple TV3
10.6.8 = Snow Leopard
Without knowing your year/ model and amount of ram and available hard drive space on your Mac it is hard to recommend any upgrade.
If you have everything up to date from software center then you should be ok.
 
M

MacInWin

Guest
The security issue is only a factor if there is what is called Man-in-the-middle who can intercept your internet traffic. To do that, the miscreant has to be in the same WiFi network as you. If you aren't using wifi, no threat. If you ARE using WiFi, but only at home, as long as you use security (WPA2 or better) on the wireless router, no problem. If you use WiFi at a public Wifi site (Starbucks, library, etc), then there is a risk of the MitM attack. So, stay up to date on patches from Apple and don't do banking in Starbucks.
 

pigoo3

Well-known member
Staff member
Admin
Joined
May 20, 2008
Messages
44,210
Reaction score
1,418
Points
113
Location
U.S.
Your Mac's Specs
2017 15" MBP, 16gig ram, 1TB SSD, OS 10.15
The security issue is only a factor if there is what is called Man-in-the-middle who can intercept your internet traffic. To do that, the miscreant has to be in the same WiFi network as you. If you aren't using wifi, no threat. If you ARE using WiFi, but only at home, as long as you use security (WPA2 or better) on the wireless router, no problem. If you use WiFi at a public Wifi site (Starbucks, library, etc), then there is a risk of the MitM attack. So, stay up to date on patches from Apple and don't do banking in Starbucks.

You seem to up to date on this more than me.:) Is the "man in the middle" attack at a public WiFi location still an issue if someone turns on the Firewall in the "Security & Privacy" Preference setting?

- Nick
 
M

MacInWin

Guest
I'm not up to speed on the exact details of the MitM attack weakness. Apple fixed it a couple of days ago, and I've installed the fix, so it's not a threat to me anymore. But I read an article at another website that says the bug was in the SSL, so I don't think the firewall would be of any help. The protocol itself suffered the problem.
 

pigoo3

Well-known member
Staff member
Admin
Joined
May 20, 2008
Messages
44,210
Reaction score
1,418
Points
113
Location
U.S.
Your Mac's Specs
2017 15" MBP, 16gig ram, 1TB SSD, OS 10.15
I'm not up to speed on the exact details of the MitM attack weakness. Apple fixed it a couple of days ago, and I've installed the fix, so it's not a threat to me anymore. But I read an article at another website that says the bug was in the SSL, so I don't think the firewall would be of any help. The protocol itself suffered the problem.

In case my question above was confusing in any way. I was referring to the "security issue" the OP is referring to concerning OS 10.6.8. Thus the combination of:

- "Man in the Middle" issue
- OS 10.6.8
- turning on the firewall in the "Security & Privacy" preference
- and possible end of support from Apple for OS 10.6

I'm guessing that you may be running a newer OS version that may be still be supported by Apple (since you mentioned installing a fix). I didn't know if this fix included support for OS 10.6. Or if you were still running OS 10.6 on one of your computers.

Not trying to put you on the spot…just trying to learn for me & others.:)

- Nick
 

dtravis7


Retired Staff
Joined
Jan 4, 2005
Messages
30,133
Reaction score
703
Points
113
Location
Modesto, Ca.
Your Mac's Specs
MacMini M-1 MacOS Monterey, iMac 2010 27"Quad I7 , MBPLate2011, iPad Pro10.5", iPhoneSE
10.6.8 Safari does NOT have that issue. I went to that goto test site with it and its green and passes the test.
 
M

MacInWin

Guest
The hole has been in OSX since 2012. If 10.6.8 was BEFORE that, it is probably not there. I'm running Mavericks. If the OP is concerned, then call to Apple is probably in order. What Apple released was 10.9.2, Mavericks.

And with that, you have exhausted my meager knowledge.
 

dtravis7


Retired Staff
Joined
Jan 4, 2005
Messages
30,133
Reaction score
703
Points
113
Location
Modesto, Ca.
Your Mac's Specs
MacMini M-1 MacOS Monterey, iMac 2010 27"Quad I7 , MBPLate2011, iPad Pro10.5", iPhoneSE
Here is my late 2006 iMac with OSX 10.6.8 Snow Leopard and latest Safari.

Screen shot 2014-02-28 at 8.34.30 PM.png
 

pigoo3

Well-known member
Staff member
Admin
Joined
May 20, 2008
Messages
44,210
Reaction score
1,418
Points
113
Location
U.S.
Your Mac's Specs
2017 15" MBP, 16gig ram, 1TB SSD, OS 10.15
The hole has been in OSX since 2012. If 10.6.8 was BEFORE that, it is probably not there.

I think that 10.6 (Snow Leopard) was released August, 2009. Well before 2012.:)

That's why I was asking the OP…"What security issue with 10.6?"

- Nick

p.s. A 2nd thanks here Dennis.:)
 
Joined
Jan 19, 2008
Messages
4,695
Reaction score
73
Points
48
Location
houston texas
Your Mac's Specs
09 MBP 8GB ram 500GB HD OS 10.9 32B iPad 4 32GB iPhone 5 iOs7 2TB TC Apple TV3
To add to what was already said I would keep Java and Flash updated if you have to use them and update from their site.
I have click to flash enabled on mine so it will force the H 264 when available and I don't use Java but Java Script which is not the same.
 
Joined
Apr 26, 2008
Messages
2,963
Reaction score
120
Points
63
Location
Belgium
Your Mac's Specs
iPad Pro 12.9 latest iOS
Marrk,
If you are running Snow Leopard ( latest patch ) then you not affected by this SSL ( aka. GoToFail ) flaw that is being discussed for iOS and Mavericks as of late.
On this MiTM attack, ..... it is not limited to public ( aka shared ) networks, it can happen inside your own private home network as well , however a lot less likely if you control your own network properly.
Will your OS X based firewall ( or your router based firewall ) prevent this kind of attack .... NO.

Cheers ... McBie
 
OP
M
Joined
Feb 24, 2011
Messages
930
Reaction score
33
Points
28
Location
Los Angeles
Marrk,
If you are running Snow Leopard ( latest patch ) then you not affected by this SSL ( aka. GoToFail ) flaw that is being discussed for iOS and Mavericks as of late.
On this MiTM attack, ..... it is not limited to public ( aka shared ) networks, it can happen inside your own private home network as well , however a lot less likely if you control your own network properly.
Will your OS X based firewall ( or your router based firewall ) prevent this kind of attack .... NO.

Cheers ... McBie


Aside from doing a Software Update, which I have already done and do every week, how do I know if I am running "Snow Leopard (latest patch)"?
 
M

MacInWin

Guest
Software update will always get you the latest patch. If you want to check, click on the Apple icon upper left, then About this Mac and you will see the version of OSX you are running.
 
OP
M
Joined
Feb 24, 2011
Messages
930
Reaction score
33
Points
28
Location
Los Angeles
Software update will always get you the latest patch. If you want to check, click on the Apple icon upper left, then About this Mac and you will see the version of OSX you are running.


Thanks, MacInWin. I did not know that the installation of a patch would change the OS X version number.

I did another Software Update just now, and it seems I am still running 10.6.8 as stated in my first post.
 
Joined
Apr 26, 2008
Messages
2,963
Reaction score
120
Points
63
Location
Belgium
Your Mac's Specs
iPad Pro 12.9 latest iOS
I think 10.6.8 was the latest version of Snow Leopard.
All additional updates ( Like security updates etc .... ) will not change the version number.

Cheers ... McBie
 
OP
M
Joined
Feb 24, 2011
Messages
930
Reaction score
33
Points
28
Location
Los Angeles
^^Yes. That has been my experience in the past (now that I think of it).

Thanks!
 

Shop Amazon


Shop for your Apple, Mac, iPhone and other computer products on Amazon.
We are a participant in the Amazon Services LLC Associates Program, an affiliate program designed to provide a means for us to earn fees by linking to Amazon and affiliated sites.
Top