2 weeks ago
Apart from waiting for Apple to release a patch for this. Can I ask what other mitigations people are doing or thinking about doing for this recent issue?
2 weeks ago
We have pretty hard core adopted zero trust, there is no direct peer to peer access between workstations. About 2 years ago I disabled SSH on our Macs, which did close quite a few vulnerabilities with how lackadaisically Apple likes to patch SSH.
2 weeks ago
Well I'm not worrying 1 bit about it because it looks like it may only be possible on 32bit systems and only really affects Debian based linux systems.
2 weeks ago
2 weeks ago
Our security team pinged us on this. I opened a ticket with Apple Enterprise Support and received the below response....pretty standard response from Apple. From what I understand this vulnerability only impacts Glibc-based “Debian” Linux operating systems. Apple may not ever provide a specific update to address this if the CVE does not actually impact macOS.
________________________________
Thanks for reaching out to AppleCare Enterprise Support Engineering for assistance today. I understand that you have questions about CVE-2024-6387 and if it affects macOS/iOS.
To protect our customers, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available. Because of that, I cannot say how and when a resolution will be delivered. Until then, you can monitor security updates from our Product Security team as outlined on the Apple Product Security page: https://www.apple.com/support/security/
The fastest way to hear about software updates for security issues is via Apple’s public security-announce list. If you are not on that list I highly recommend it. You can get information about this list here:
a week ago
I think apple should adjust this auto reply. We got pretty much the same thing on the databreach last week.
To protect our shareholders, Apple does not disclose, discuss or confirm security issues until a full investigation has occurred and any necessary patches or releases are available....
Tuesday
Not that it mattered, but i wrote an EA to check for SSH being enabled, and if it is, then i turn it off https://www.alansiu.net/2020/09/02/scripting-ssh-off-on-without-needing-a-pppc-tcc-profile/ to make security happier.
Tuesday
not seeing the EA on that link?
yesterday
Has anyone developed a script to push from Jamf Pro to update openSSH?
yesterday
update it with what? you'd need to wait for Apple to provide an update right?
yesterday
I have the newest version of openSSH and used Home Brew to install it on my Mac. I am on 14.5 and was running SSH_9.7. Home Brew worked to install 9.8. I was looking to push this out to our fleet in Jamf due to security seeing anything 9.7 and lower a vulnerability.
yesterday
That doesn’t patch the Apple provided version of ssh. That just installs a second copy that now you have to maintain, configure, and update.
yesterday
Ah, thanks for the insight.