I have an old (2015) iMac running OS 10.12.6. Because of hardware constraints (I think) I haven’t been able to update the OS for years now so am stuck with using 10.12.6.
Is my machine vulnerable to ForcedEntry? If so, is it possible to patch the vulnerability using such an old OS?
My parents asked me this same thing. My response was that I can’t say for sure, but most likely the answer is yes. There’s not much to do about it though since such an old version of macOS is not getting updates anymore. That said, it’s unclear how old of an OS version you have to go back to for the exploit to not work anymore.
Also, this is a highly focused attack with apparent government backing, so most normal people are not targets. That could mean while older Macs and iPhones are technically vulnerable, they may not be worth exploiting, but that’s just a supposition on my part. All the media attention has been solely focused on just the latest one or two versions of iOS and macOS as if nobody’s running anything older.
While I doubt it will be patched, the article linked in the OP makes it seem like it would be easy to mitigate. It says that the exploit is in the PDF parser for the computer.
If that’s the case, you could likely mitigate it by installing a third-party PDF reader, and never open PDFs in anything else. Set it up as the default for PDFs, and maybe don’t open any PDFs directly from Safari.
You’d need to make sure the new PDF reader didn’t use Apple’s CoreGraphics library, but I doubt, say, Adobe Reader would use that and not their own rendering library.
Yeah, but these exploits have been PDFs masquerading as GIFs and coming through iMessage without any user interaction or notice. If that’s a different exploit that I’m thinking about I apologize, but the point is that it’s not so simple.
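
The "PDFs masquerading as GIFs" point above, as an added example that is not part of the original thread: a Python check that compares each file's extension with its leading magic bytes. The file names and contents are constructed samples, and a mismatch only shows a mislabeled file, not that it carries an exploit.

```python
import os
import tempfile

# Leading magic bytes for the two formats named in the thread.
MAGIC = {
    "pdf": (b"%PDF-",),
    "gif": (b"GIF87a", b"GIF89a"),
}

def sniff(header: bytes):
    """Return the format the leading bytes indicate, or None if unrecognised."""
    for fmt, prefixes in MAGIC.items():
        if header.startswith(prefixes):
            return fmt
    return None

def find_mismatches(root: str):
    """Walk root; return (path, claimed, actual) where name and content disagree."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in sorted(files):
            claimed = os.path.splitext(name)[1].lower().lstrip(".")
            if claimed not in MAGIC:
                continue  # only check extensions we have signatures for
            path = os.path.join(dirpath, name)
            try:
                with open(path, "rb") as fh:
                    actual = sniff(fh.read(8))
            except OSError:
                continue  # unreadable file: skip rather than abort the scan
            if actual != claimed:
                hits.append((path, claimed, actual))
    return hits

def demo():
    """Write constructed sample files to a temp dir and return what gets flagged."""
    samples = {
        "cat.gif": b"GIF89a\x01\x00\x01\x00",  # genuine GIF header
        "invoice.pdf": b"%PDF-1.4\n",          # genuine PDF header
        "funny.gif": b"%PDF-1.7\n",            # PDF content under a .gif name
        "empty.gif": b"",                      # no header at all
    }
    with tempfile.TemporaryDirectory() as root:
        for name, data in samples.items():
            with open(os.path.join(root, name), "wb") as fh:
                fh.write(data)
        return sorted((os.path.basename(p), c, a) for p, c, a in find_mismatches(root))

if __name__ == "__main__":
    for name, claimed, actual in demo():
        print(f"{name}: named .{claimed}, content looks like {actual}")
```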