I have just been notified by simplex.com that I'm the victim of a cyber-attack.
"We wish to warn you that the following pieces of data have been leaked by the cybercriminal: name, surname, date of birth, your address, the country you live in, your citizenship, the type and number of the document you provided to use to verify your identity."
Apple has used the force-upgrade path which you cannot opt out of (at least not easily) and which is permitted by their TOU, exactly twice, both to address serious security vulnerabilities.
Once for this problem, and once for the NTP security bug in 2014. That is it.
There are options in macOS to automatically install various types of updates, labeled as 'app updates', 'macOS updates', 'system data files and security updates'. Maybe m6g6a has the last one checked.
I opened App Store and just had it waiting for me. Where the name would normally be in the Updates tab, it just reads "Install this update as soon as possible." [0]
”Q. Automatic Updates. The Apple Software will periodically check with Apple for updates to the Apple Software. If an update is available, the update may automatically download and install onto your computer and, if applicable, your peripheral devices. _By using the Apple Software, you agree that Apple may download and install automatic updates onto your computer and your peripheral devices_. You can turn off automatic updates altogether at any time by changing the automatic updates settings found within System Preferences.”
It's a massive global security vulnerability with huge amounts of public exposure (so any malicious user is well aware they can take advantage). If they did, wouldn't be surprised and I'd be glad they did.
Click AppleMenu > About this mac > System Report, and scroll down to Software > Installations, and click on the "Install Date" column header twice to sort by install date descending, and you will discover apple pushing updates very frequently for things like "MRTConfigData", "XProtectPlistConfigData", "Voice Update - Samantha", "Gatekeeper Configuration Data", "Chinese word list update" etc etc.
They do have this capability, and have for years, although they rarely use it. They're force-pushing this update later today. It says so right in their statement:
"the update is available for download, and starting later today it will be automatically installed on all systems running the latest version (10.13.1) of macOS High Sierra"
The update didn't auto-install for me. I suppose it only does that when "Install system data files and security updates" is enabled in System Preferences -> App Store.
Actually there’s some security reasons why. An iCloud id have muliple purposes in the Apple ecosystem. You can use it like an e-mail address or caller/messaging contact id. Now imagine if they will free up your username and later someone else will register it. Or worst, you used that e-mail address to register in some other services.
somewhat related - if anyone else is still using the browser version of Facebook on their mobile phones (m.facebook.com) instead of downloading the app, it doesn't let you view messages and gives you an unskippable prompt to download Messenger, but this restriction is not there if you use the mobile basic interface (which also uses less data! mbasic.facebook.com)
