MacOS High Sierra released

New major version of macOS available now, with some cool new features and updates
26 September 2017   292

Good news for all Mac users and Apple lovers. New major version of macOS released. It is called High Sierra. 

What's new in macOS High Sierra?

The new version of macOS was announced on the WWDC 2017. Before now, only beta version was available. 

macOS High Sierra
macOS High Sierra

So, the major updates and changes are:

Apple File System update. New version of file system for Macs is way faster and safer. It allows users to work with flash drives of high capacity, standard functions are being performed faster, for example, copying files, and also includes built-in encryption.

macOS High Sierra
macOS High Sierra

Metal 2. A new version of Metal technology, now supports virtual reality and external graphics processors. High Sierra Macs are able to work with VR-solutions due to improved support for  SteamVR from Valve and HTC Vive. As for macOS developer, it enables you to maximize the graphics and compute potential of macOS apps. Metal 2 further boosts performance by letting the GPU take more control of the rendering pipeline. Metal Performance Shaders comes to Mac helping your app to accelerate much more than just graphics. It also offers enhanced developer tools that make it even easier to debug, optimize, and deploy apps that use Metal. macOS High Sierra gives developers and content creators the ability to create stunning video and 3D content using the whole new level of interactivity that VR provides.

macOS High Sierra Metal 2
macOS High Sierra Metal 2

HEVC. Now Mac users are able to work with HEVC (High Efficiency Video Coding) videos. It allows to view 4k video and use 40% less memory. HEVC is designed to help users send videos faster and safe computer's memory.

New photo tools. Advanced side menu, new filters, editing tools and effects for Live Photos.

macOS High Sierra photo tools
macOS High Sierra photo tools

Safari update. The updated Safari browser will disable automatic video playback, it deletes the cookies of third-party ad networks every 24 hours, open web pages in Reader mode without ads and allow creating individual settings for each site. 

macOS High Sierra Safari settings
macOS High Sierra Safari settings

Supported versions. With macOS High Sierra, the MacBook and iMac are not older than 2009, the MacBook Air is not older than 2010 and the MacBook Pro, Mac mini and Mac Pro are not older than mid-2010.

All modern Wi-Fi routers are threatened

KRACK researchers: "The attack works against all modern protected Wi-Fi networks"
16 October 2017   446

On Sunday, 15.10.2017, a Wi-Fi security research results were published. This is reported by the Ars Technica. 

What research? 

The research is called KRACK (Key Reinstallation Attacks). The research has been a big secret for weeks ahead of a coordinated disclosure that is scheduled for 8 a.m. Monday, east coast time. US CERT described the KRACK:

US-CERT has become aware of several key management vulnerabilities in the 4-way handshake of the Wi-Fi Protected Access II (WPA2) security protocol. The impact of exploiting these vulnerabilities includes decryption, packet replay, TCP connection hijacking, HTTP content injection, and others. Note that as protocol-level issues, most or all correct implementations of the standard will be affected. The CERT/CC and the reporting researcher KU Leuven, will be publicly disclosing these vulnerabilities on 16 October 2017.
 

US CERT team

What had researchers found? 

According to official website of KRACK, they've discovered serious weaknesses in WPA2, a protocol that secures all modern protected Wi-Fi networks. An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). The attack works against all modern protected Wi-Fi networks. Depending on the network configuration, it is also possible to inject and manipulate data. For example, an attacker might be able to inject ransomware or other malware into websites. The weaknesses are in the Wi-Fi standard itself, and not in individual products or implementations. Therefore, any correct implementation of WPA2 is likely affected.

Researchers says that if your device supports Wi-Fi, it is most likely affected. They've discovered that: 

  • Android 
  • Linux 
  • Apple 
  • Windows 
  • OpenBSD 
  • MediaTek 
  • Linksys
  • and others.

are in danger. 

Demo

As a proof-of-concept team executed a key reinstallation attack against an Android smartphone. In this demonstration, the attacker is able to decrypt all data that the victim transmits. For an attacker this is easy to accomplish, because our key reinstallation attack is exceptionally devastating against Linux and Android 6.0 or higher. 

FAQ

KRACK team also released big FAQ list. We are publishing the most interesting.

  • Do we now need WPA3?
    • No, luckily implementations can be patched in a backwards-compatible manner. This means a patched client can still communicate with an unpatched access point, and vice versa.
  • Should I change my Wi-Fi password?
    • Changing the password of your Wi-Fi network does not prevent (or mitigate) the attack.
  • Is my device vulnerable?
    • Probably. Any device that uses Wi-Fi is likely vulnerable. Contact your vendor for more information.
  • Should I temporarily use WEP until my devices are patched?
    • NO! Keep using WPA2.

Learn more at KRACK official website.