Download free Apple OS X Games and Emulators for Mac OSX. Freeware Game Boy Advance (GBA) Emulator, Nintendo DS, NES, SNES or even Dreamcast emulator for playing SEGA DC games on Mac. The History of Video Games and their Emulators - Over time, there have been many video game consoles, both home and handheld types, which were introduced in the. This is an addendum to the Increments page specifically for Mac OS GPU Selection So, What AMD GPUs Aren’t Safe? As far as we can tell from our (extensive) research, Hawaii cards (The R9 290, 290X, 390, and 390X) are the first cards that shipped with the reset bug. Apple could pay a reward to the 14-year-old boy who found the FaceTime snooping bug. Published Mon, Feb 4 2019 9:38 AM EST Updated Mon, Feb 4 2019 12:40 PM EST. Belvedere @MattBelvedere.
Apple today released macOS Big Sur 11.2.1 to the public, alongside supplemental updates for macOS Catalina 10.15.7 and macOS Mojave 10.14.6. In addition to a fix for MacBook Pro charging issues, the update also brings a notable security fix for a Sudo bug that was reported last week.
As we explained last week, the Sudo bug could allow an ordinary user to gain root access to a Mac, though an attacker would also need to combine with malware or a brute-force attack to gain user access in the first place. ZDNet explained the vulnerability:
The vulnerability, disclosed last week as CVE-2021-3156 (aka Baron Samedit) by security researchers from Qualys, impacts Sudo, an app that allows admins to delegate limited root access to other users. Qualys researchers discovered that they could trigger a “heap overflow” bug in the Sudo app to change the current user’s low-privileged access to root-level commands, granting the attacker access to the whole system
Apple says that today’s update to macOS Big Sur 11.2.1, as well as the supplemental updates for macOS Catalina 10.15.7 and macOS Mojave 10.14.6, include a fix for the bug. Apple published the following details on its support website:
- Available for: macOS Big Sur 11.2, macOS Catalina 10.15.7, macOS Mojave 10.14.6
- Impact: A local attacker may be able to elevate their privileges
- Description: This issue was addressed by updating to sudo version 1.9.5p2.
- CVE-2021-3156: Qualys
The updates to macOS Catalina and macOS Big Sur also include two other security fixes:
Intel Graphics Driver
- Available for: macOS Big Sur 11.2, macOS Catalina 10.15.7
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: An out-of-bounds write was addressed with improved input validation.
- CVE-2021-1805: ABC Research s.r.o. working with Trend Micro Zero Day Initiative
Intel Graphics Driver
- Available for: macOS Big Sur 11.2, macOS Catalina 10.15.7
- Impact: An application may be able to execute arbitrary code with kernel privileges
- Description: A race condition was addressed with additional validation.
- CVE-2021-1806: ABC Research s.r.o. working with Trend Micro Zero Day Initiative
You can now update your Mac to the latest version of macOS by heading to the Software Update menu in the System Preferences app.
FTC: We use income earning auto affiliate links.More.
Apple has fixed a zero-day vulnerability in macOS exploited in the wild by Shlayer malware to bypass Apple's File Quarantine, Gatekeeper, and Notarization security checks and download second-stage malicious payloads.
Shlayer's creators have managed to get their malicious payloads through Apple's automated notarizing process before.
If they pass this automated security check, macOS apps are allowed by Gatekeeper—a macOS security feature that verifies if downloaded apps have been checked for known malicious content—to run on the system.
In the past, Shlayer also used a two-year-old technique to escalate privileges and disable macOS' Gatekeeper to run unsigned second-stage payloads in a campaign detected by Carbon Black’s Threat Analysis Unit.
Zero-day exploited in the wild to deploy malware
The Jamf Protect detection team discovered that starting January 2021, the Shlayer threat actors created unsigned and unnotarized Shlayer samples have begun exploiting a zero-day vulnerability (tracked as CVE-2021-30657), discovered and reported to Apple by security engineer Cedric Owens.
![BUG BOY Mac OS BUG BOY Mac OS](https://cdn.arstechnica.net/wp-content/uploads/2020/11/Screen-Shot-2020-11-12-at-12.43.44-AM.jpg)
As revealed by security researcher Patrick Wardle, this now fixed bug takes advantage of a logic flaw in the way Gatekeeper checked if app bundles were notarized to run on fully-patched macOS systems.
Wardle added that 'this flaw can result in the misclassification of certain applications, and thus would cause the policy engine to skip essential security logic such as alerting the user and blocking the untrusted application.'
Unlike previous variants that required victims to right-click and then open the installer script, recent malware variants abusing this zero-day and distributed using poisoned search engine results and compromised websites can be launched by double-clicking.
Today, Apple has released a security update to fix the vulnerability in macOS Big Sur 11.3 and block malware campaigns actively abusing it.
Bug Boy Mac Os Catalina
Users are now alerted that malicious apps 'cannot be opened because the developer cannot be identified' and advised to eject the mounted disk image because it may contain malware.
The Shlayer macOS malware
Shlayer is a multi-stage trojan that attacked over 10% of all Macs, according to a Kaspersky report from January 2020.
Bug Boy Mac Os Update
Intego's research team spotted Shlayer for the first time in a malware campaign in February 2018, camouflaged as a fake Adobe Flash Player installer just as many other malware families targeting macOS users.
Unlike original variants, which were pushed via torrent sites, new Shlayer samples are now spread via fake update pop-ups shown on hijacked domains or clones of legitimate sites, or in far-reaching malvertising campaigns plaguing legitimate websites.
After infecting a Mac, Shlayer installs the mitmdump proxy software and a trusted certificate to analyze and modify HTTPS traffic, allowing it to monitor the victims' browser traffic or inject ads and malicious scripts in visited sites.
Even worse, this technique allows the malware to alter encrypted traffic, such as online banking and secure email.
While Shlayer's creators currently only deploy only adware as a secondary payload, they can quickly switch to more dangerous payloads such as ransomware or wipers at any time.
One more zero-day exploited in the wild fixed today
Bug Boy Mac Os X
Today, the company another WebKit Storage zero-day bug exploited in the wild, tracked as CVE-2021-30661, and impacting iOS and watchOS devices by improving memory management.
The vulnerability allows attackers to execute arbitrary code after tricking targets into opening a maliciously crafted website on their devices.
The list of affected devices includes those running:
- Apple Watch Series 3 and later
- iPhone 6s and later, iPad Pro (all models), iPad Air 2 and later, iPad 5th generation and later, iPad mini 4 and later, and iPod touch (7th generation)
In total, with today's security updates for macOS and iOS bugs exploited in the wild, Apple has addressed nine zero-days since November.
The company patched three other iOS zero-days—a remote code execution bug (CVE-2020-27930), a kernel memory leak (CVE-2020-27950), and a kernel privilege escalation flaw (CVE-2020-27932)—affecting iPhone, iPad, and iPod devices in November.
In January, Apple fixed a race condition bug in the iOS kernel (tracked as CVE-2021-1782) and two WebKit security flaws (tracked as CVE-2021-1870 and CVE-2021-1871).