www.intego.com
Open in
urlscan Pro
2606:4700::6812:6a
Public Scan
URL:
https://www.intego.com/mac-security-blog/does-the-regresshion-vulnerability-impact-macs-how-to-disable-remote-login/
Submission Tags: falconsandbox
Submission: On July 10 via api from US — Scanned from US
Submission Tags: falconsandbox
Submission: On July 10 via api from US — Scanned from US
Form analysis 2 forms found in the DOM
GET https://www.intego.com/mac-security-blog/
<form role="search" method="get" id="searchform" action="https://www.intego.com/mac-security-blog/">
<label class="assistive-text" for="s">Search for:</label>
<input type="search" placeholder="Search the Blog" value="" name="s" id="s">
<input type="image" src="https://www.intego.com/mac-security-blog/wp-content/themes/starkers-html5-master/images/btn_search.png" id="searchsubmit" class="btn">
</form>GET /api/1/subscribe
<form action="/api/1/subscribe" method="GET">
<input type="hidden" name="newsletter[]" value="mac_security">
<div class="submit-ct">
<label for="newsletter_email" class="placeholder-fallback">Email address:</label>
<input type="text" name="email" value="" id="newsletter_email" title="Enter email address" placeholder="Email address" class="email">
<input type="submit" value="Submit" class="submit" title="Submit">
</div>
</form>Text Content
Intego Logo
* Buy Now
MENU ☰
* Our Products
Mac
Windows
INTEGO HOME PRODUCTS
COMPATIBLE WITH MACOS VENTURA!
Mac Internet Security X9
Mac Premium Bundle X9
INTEGO HOME PRODUCTS
Security
VirusBarrier X9
NetBarrier X9
Privacy
ContentBarrier X9
Intego Privacy Protection New
Utility
Mac Washing Machine X9
Personal Backup 10.9
INTEGO HOME WINDOWS PRODUCTS
COMPATIBLE WITH WINDOWS 7, 8, 10 AND 11
Intego Antivirus
Intego Privacy Protection
Intego Home Products
* Mac Premium Bundle X9
* Mac Internet Security X9
Intego Home Windows Products
* Intego Antivirus
* Intego Privacy Protection
* For Business
* Blog
* Support
* Customer Support
* Knowledge Base
* Downloads
* Submit Malware
* Contact Support
* Check Your Requests
* Upgrade
* Renew
* Request A Quote
* My Account
* Buy Now
The Mac Security Blog
Search for:
SHARE
Shares
Tweets
Shares
Pins
Print
Security & Privacy
DOES THE “REGRESSHION” VULNERABILITY IMPACT MACS? HOW TO DISABLE REMOTE LOGIN
Posted on July 2nd, 2024 by Joshua Long
A high-severity vulnerability called regreSSHion impacts OpenSSH, and may affect
Macs. Here’s everything Mac users should know.
On Monday, July 1, the maintainers of OpenSSH, an open-source software package,
released a major security update. OpenSSH is built into many operating systems,
including macOS—the operating system that powers Apple’s Mac computers.
The July 1 update, OpenSSH 9.8p1, patches a single vulnerability: “regreSSHion,”
aka CVE-2024-6387. How might this vulnerability affect Macs? Should Mac users be
concerned? What can be done about it? Let’s explore those answers.
In this article:
* What is OpenSSH? How do Macs use it?
* What is the “regreSSHion” vulnerability (CVE-2024-6387)?
* What version of OpenSSH is built into macOS? Is it vulnerable?
* What does Apple have to say about regreSSHion?
* How can I disable Remote Login on macOS if I don’t use it?
* How can I learn more?
WHAT IS OPENSSH? HOW DO MACS USE IT?
OpenSSH is mainly used to establish a secure connection between a computer and a
remote server. It is commonly associated with the command-line tool “ssh” (short
for “secure shell”) which can be used in the Mac’s Terminal app.
Macs have a feature (which can be enabled in System Settings, under General >
Sharing) called Remote Login; it is off by default. If a user enables the
feature, “Remote Login lets users of other computers access this computer using
SSH and SFTP,” according to Apple. Anyone on the same network can then attempt
to connect to your Mac silently via SSH. Behind the scenes, Remote Login uses
the open-source software OpenSSH.
If you set up port forwarding on your home router or company firewall, then SSH
can even be made accessible to any computer on the Internet. One company
observed more than 7 million vulnerable OpenSSH servers connected to the
Internet on July 1, the day of the disclosure and patch.
WHAT IS THE “REGRESSHION” VULNERABILITY (CVE-2024-6387)?
Qualys, the company that discovered the vulnerability, describes it as follows:
> regreSSHion, CVE-2024-6387, is an unauthenticated remote code execution [(RCE)
> vulnerability] in OpenSSH’s server (sshd) that grants full root access. It
> affects the default configuration and does not require user interaction. It
> poses a significant exploit risk.
The summary from NIST’s National Vulnerability Database adds some additional
detail:
> A security regression (CVE-2006-5051) was discovered in OpenSSH’s server
> (sshd). There is a race condition which can lead […] sshd to handle some
> signals in an unsafe manner. An unauthenticated, remote attacker may be able
> to trigger it by failing to authenticate within a set time period.
NIST gives this vulnerability an 8.1 (out of 10) CVSS score, which is considered
“high” severity.
The name “regreSSHion” is a pun based on SSH and the programming term
“regression” (in this case, referring to the reintroduction of a past security
bug).
WHAT VERSION OF OPENSSH IS BUILT INTO MACOS? IS IT VULNERABLE?
As of macOS Sonoma 14.5, Macs include OpenSSH version 9.6p1, which is an
affected version; the only fully patched version is 9.8p1 (or 9.8). You can
check your own Mac’s OpenSSH version via the Terminal:
% /usr/bin/ssl -V
OpenSSH_9.6p1, LibreSSL 3.3.6
(Note that macOS Sonoma currently also includes an outdated and highly
vulnerable version of LibreSSL that is more than two years old. We have been
covering this on The Mac Security Blog since last year, soon after macOS
Sonoma’s public release. Apple has continued to ignore our inquiries about it.)
While the particular version of OpenSSH built into Macs is known to be
vulnerable, attackers can only exploit the regreSSHion vulnerability under
specific conditions. Qualys only notes that the vulnerability “likely” exists in
macOS. However, Qualys stated that it did not investigate macOS specifically,
and that the exploitability of the bug on macOS “remains uncertain.”
WHAT DOES APPLE HAVE TO SAY ABOUT REGRESSHION?
Publicly, Apple has remained quiet about whether macOS is affected.
Apple did not respond to Intego’s inquiry about the vulnerability. It is unclear
whether Apple has done any internal testing related to regreSSHion, or whether
(and when) the company plans to release a security patch.
Reportedly, customers who contacted AppleCare Enterprise Support Engineering got
a generic response: “To protect our customers, Apple does not disclose, discuss
or confirm security issues until a full investigation has occurred and any
necessary patches or releases are available.”
HOW CAN I DISABLE REMOTE LOGIN ON MACOS IF I DON’T USE IT?
Apple’s “Remote Login” feature, which enables remote SSH access to a Mac, is
disabled by default. You can easily check whether it’s enabled on your Mac.
If you don’t use Remote Login but you find that it’s enabled on your Mac, it’s
probably a good idea to disable it. This will help reduce your attack surface,
i.e. the potential ways in which you could potentially be attacked.
If you use macOS Ventura, macOS Sonoma, or macOS Sequoia beta:
1. Click on the Apple menu in the top-left corner of the screen, then click
System Settings…
2. Click on General, then click on Sharing.
3. In the Advanced section, make sure that the toggle switch (slider) next to
Remote Login is in the off position (i.e. the circle is on the left).
If you use macOS Monterey or earlier, please note that your Mac’s operating
system contains numerous vulnerabilities that will never be patched. Apple
provides only minimal security patches for the two previous versions of macOS,
and zero patches for versions older than that. However, if your Mac doesn’t
officially support macOS Sonoma (and if you’re unwilling to upgrade macOS using
an unsupported method), you can disable Remote Login as follows:
1. Click on the Apple menu in the top-left corner of the screen, then click
System Preferences…
2. Click on Sharing.
3. On the left side of the window, make sure that the checkbox next to Remote
Login is unchecked.
Is your Mac Secured?
Check out Intego’s store and find the right product for you.
Secure Your Digital Life Now
HOW CAN I LEARN MORE?
To learn more about the regreSSHion vulnerability, you can read Qualys’s
overview, blog post and FAQ, and technical advisory.
We briefly discussed regreSSHion on episode 351 of the Intego Mac Podcast.
Each week on the Intego Mac Podcast, Intego’s Mac security experts discuss the
latest Apple news, security, and privacy stories, and offer practical advice on
getting the most out of your Apple devices. Be sure to follow the podcast to
make sure you don’t miss any episodes.
You can also subscribe to our e-mail newsletter and keep an eye here on The Mac
Security Blog for the latest Apple security and privacy news. And don’t forget
to follow Intego on your favorite social media channels:
SHARE THIS:
* Twitter
* Facebook
*
ABOUT JOSHUA LONG
Joshua Long (@theJoshMeister), Intego's Chief Security Analyst, is a renowned
security researcher and writer, and an award-winning public speaker. Josh has a
master's degree in IT concentrating in Internet Security and has taken
doctorate-level coursework in Information Security. Apple has publicly
acknowledged Josh for discovering an Apple ID authentication vulnerability. Josh
has conducted cybersecurity research for more than 25 years, which has often
been featured by major news outlets worldwide. Look for more of Josh's articles
at security.thejoshmeister.com and follow him on X/Twitter, LinkedIn, and
Mastodon. View all posts by Joshua Long →
This entry was posted in Security & Privacy and tagged Vulnerabilities. Bookmark
the permalink.
POPULAR STORIES
* How to Install macOS Sonoma (or Sequoia) on Unsupported Macs, for Security
Improvements
* The Complete Guide to Apple Watch Bands in 2024: Sizing, Styles, and More
* How to run Windows 11 for FREE on a Mac with an M1, M2, or M3 chip
* When does an old Mac become unsafe to use?
FOLLOW INTEGO
RECOMMENDED
* Security & Privacy
When does an old Mac become unsafe to use?
* Apple
When does an old iPhone become unsafe to use?
* Apple
How to choose the right Mac for you in 2024
* How To
USB-C and Thunderbolt: Understanding Ports and Cables for Macs, iPhones, and
iPads
SUBSCRIBE
Sign up for a Free Mac Security Newsletter to stay updated.
Email address:
APPLE NEWS
* When does an old iPad become unsafe to use?
* Apple Intelligence: Why most users won’t get it
* Apple announces AI operating systems at WWDC24: macOS Sequoia, iOS 18, iPadOS
18, and more
* Apple still leaving critical vulnerabilities unpatched in macOS Sonoma
No related posts.
SECURITY PRODUCTS FOR HOME
* Mac Internet Security X9
* Mac Premium Bundle X9
* ContentBarrier X9
* ContentBarrier Secure X9
* Mac Washing Machine X9
* Mac Washing Machine Secure X9
* Intego Antivirus for Windows
* Intego Privacy Protection
SECURITY PRODUCTS FOR BUSINESS
* VirusBarrier X9
* NetBarrier X9
SUPPORT
* Knowledge Base
* Downloads
* Submit Malware
* Contact Support
* Check Your Requests
MAC RESOURCE CENTER
* New Mac User Center
* Malware Definitions
* Glossary of Terms
* Why Trust a PC Vendor?
* Free Mac Antivirus
COMPANY
* News
* Careers
* Awards
* Partners
* Privacy Policy
* Terms of Use
* Submission Policy
* Contact Us
DOWNLOADS AND UPGRADES
* Renew
* Upgrade
* Buy Now
* Free Trial
* Student Discount
FIND US
* Facebook
* Twitter
* LinkedIn
* YouTube
SITEMAP
Intego Logo
* Privacy Policy | Terms of Use
Copyright © 2023 Intego
Microsoft and Windows are trademarks of the Microsoft group of companies
* English
* Français
* Deutsch
* 日本語
* Español
Get Offer