A bug report submitted on Open Radar this week reveals a security vulnerability in the current version of macOS High Sierra that allows the App Store menu in System Preferences to be unlocked with any password. From a report: MacRumors is able to reproduce the issue on macOS High Sierra version 10.13.2, the latest public release of the operating system, on an administrator-level account by following these steps: 1. Click on System Preferences. 2. Click on App Store. 3. Click on the padlock icon to lock it if necessary. 4. Click on the padlock icon again. 5. Enter your username and any password. 6. Click Unlock. As mentioned in the radar, System Preferences does not accept an incorrect password with a non-administrator account. We also weren’t able to unlock any other System Preferences menus with an incorrect password. We’re unable to reproduce the issue on the third or fourth betas of macOS High Sierra 10.13.3, suggesting Apple has fixed the security vulnerability in the upcoming release. However, the update currently remains in testing. Read more of this story at Slashdot.
More:
macOS High Sierra’s App Store System Preferences Can Be Unlocked With Any Password
An anonymous reader shares a report: A mysterious piece of malware has been infecting hundreds of Mac computers for years — and no one noticed until a few months ago. The malware is called “FruitFly, ” and one of its variants, “FruitFly 2” has infected at least 400 victims over the years. FruitFly 2 is intriguing and mysterious: its goals, who’s behind it, and how it infects victims, are all unknown. Earlier this year, an ex-NSA hacker started looking into a piece of malware he described to me as “unique” and “intriguing.” It was a slightly different strain of a malware discovered on four computers earlier this year by security firm Malwarebytes, known as “FruitFly.” This first strain had researchers scratching their heads. On the surface, the malware seemed “simplistic.” It was programmed mainly to surreptitiously monitor victims through their webcams, capture their screens, and log keystrokes. But, strangely, it went undetected since at least 2015. There was no indication of who could be behind it, and it contained “ancient” functions and “rudimentary” remote control capabilities, Malwarebytes’s Thomas Reed wrote at the time. Read more of this story at Slashdot. 
Apple will be phasing out 32-bit apps with iOS 11, and soon the company will make the same changes on its macOS operating system. During its Platform State of the Union keynote at the Worldwide Developers Conference, Apple told developers that macOS High Sierra will be the “last macOS release to support 32-bit apps without compromises.” MacRumors reports: Starting in January of 2018, all new apps submitted to the Mac App Store must be 64-bit, and all apps and app updates submitted must be 64-bit by June 2018. With the next version of macOS after High Sierra, Apple will begin “aggressively” warning users about 32-bit apps before eventually phasing them out all together. In iOS 11, 32-bit apps cannot be installed or launched. Attempting to open a non-supported 32-bit app gives a message notifying users that the app needs to be updated before it can run on iOS 11. Prior to phasing out 32-bit apps on iOS 11, Apple gave both end users and developers several warnings, and the company says it will follow the same path for the macOS operating system. Read more of this story at Slashdot. 
An anonymous reader quotes a report from TechCrunch: Nearly two decades after its 1998 release, StarCraft is now free. Legally! Blizzard has just released the original game — plus the Brood War expansion — for free for both PC and Mac. You can find it here. Up until a few weeks ago, getting the game with its expansion would’ve cost $10-15 bucks. The company says they’ve also used this opportunity to improve the game’s anti-cheat system, add “improved compatibility” with Windows 7, 8.1, and 10, and fix a few long lasting bugs. So why now? The company is about to release a remastered version of the game in just a few months, its graphics/audio overhauled for modern systems. Once that version hits, the original will probably look a bit ancient by comparison — so they might as well use it to win over a few new fans, right? Read more of this story at Slashdot. 
An anonymous reader quotes a report from Softpedia: It’s finally here! After so many months of development and hard work, during which over 6, 600 bugs have been patched, the Wine project is happy to announce today, January 24, 2017, the general availability of Wine 2.0. Wine 2.0 is the biggest and most complete version of the open-source software project that allows Linux and macOS users to run applications and games designed only for Microsoft Windows operating systems. As expected, it’s a massive release that includes dozens of improvements and new features, starting with support for Microsoft Office 2013 and 64-bit application support on macOS. Highlights of Wine 2.0 include the implementation of more DirectWrite features, such as drawing of underlines, font fallback support, and improvements to font metrics resolution, font embedding in PDF files, Unicode 9.0.0 support, Retina rendering mode for the macOS graphics driver, and support for gradients in GDI enhanced metafiles. Additional Shader Model 4 and 5 shader instructions have been added to Direct3D 10 and Direct3D 11 implementation, along with support for more graphics cards, support for Direct3D 11 feature levels, full support for the D3DX (Direct3D Extension) 9 effect framework, as well as support for the GStreamer 1.0 multimedia framework. The Gecko engine was updated to Firefox 47, IDN name resolutions are now supported out-of-the-box, and Wine can correctly handle long URLs. The included Mono engine now offers 64-bit support, as well as the debug registers. Other than that, the winebrowser, winhlp32, wineconsole, and reg components received improvements. You can read the full list of features and download Wine 2.0 from WineHQ’s websiteS. Read more of this story at Slashdot. 
An anonymous reader writes: Swedish hardware hacker Ulf Frisk has created a device that can extract Mac FileVault2 (Apple’s disk encryption utility) passwords from a device’s memory before macOS boots and anti-DMA protections kick in. The extracted passwords are in cleartext, and they also double as the macOS logon passwords. The attack requires physical access, but it takes less than 30 seconds to carry out. A special device is needed, which runs custom software (available on GitHub), and uses hardware parts that cost around $300. Apple fixed the attack in macOS 10.12.2. The device is similar to what Samy Kamker created with Poison Tap. Read more of this story at Slashdot.