the internet storm center put together a brief guide with security tips for a macOS Sierra upgrade. https://isc.sans.edu/forums/diary/Getting+Ready+for+macOS+Sierra+Upgrade+Securely/21465/
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Security tips when upgrading to macOS Sierra
- Thread starter underattack
- Start date
-
- Tags
- macos sierra security upgrade
- Sort by reaction score
Sorry, not overly impressed with that one...
Errors/oversights in article:
Siri
"Not everybody may be comfortable with having Siri listen in"
- Siri is NOT listening in. Unlike newer iOS devices, on macOS you must invoke Siri to have her listen to you.
Apple Watch Screen Unlock
Only 2013 and newer Mac’s (without workarounds) - this article assumes it will just work for everyone. The author admits they didn’t have an Apple Watch (so, why are they commenting???)
- they repeat themselves by mentioning the feature again in the Continuity section (why??)
Gatekeeper
Completely missed mentioning the right/control click, Open to launch unsigned apps, rather than having to go into security preferences.
Summary
“Please consult various OS X hardening guides for advice.”
Why publish an article advocating security only to tell people to run off and google what they should be doing? To have any value or credibility there should have been recommended links published with the article.
In addition, the iClould Keychain information seems to be inaccurate. I am fairly sure that just having the iCloud password is not sufficient. One also needs access to a device on which the keychain is already present. And if the attacker has these two things, then they probably got your password info already.
BTW, the iCloud Keychain is probably my most favourite feature ever. No more lost passwords after reinstalling machines!
BTW, the iCloud Keychain is probably my most favourite feature ever. No more lost passwords after reinstalling machines!
I'm running into issues where this method does not always work in Sierra. DMGs that are confirmed to work on 10.11 and earlier when Gatekeeper is set to "Anywhere"....are not working in Sierra with the right click - Open method. Not good.
Hmm. Maybe Apple's tightened things up again. How you disable the Gatekeeper nastiness is:
sudo spctl --master-disable
That's supposed to make behaviour the same as in El Cap.
On the beta's it didn't seem to make any difference. Maybe they re-enabled it in the GM.
Hmm, tried that, and still can't open the dmgs in question.
Edit: It did however bring back "Anywhere" as an option, but the behavior is not the same.
Could you point us to some of the packages that are not working? All installers worked so far for me on 10.12
In this instance, the certificate used to sign the install application is not recognized as valid in 10.12.
Thanks I assumed so. Yet it still works on 10.11 and earlier, so I have to assume that Apple has done more to prevent Apps that are not/no longer signed.
If 10.11 didn't recognize the certificate, you'd get the same message. For some reason, Apple has decided to invalidate something with the certificate.
I saw screenshot of Sierra setup process. In Enable Location Services screen there was not option to skip this, just continue button which i guess enables it.
Or is this only in new machines without any user accounts?
If i have El Capitan and Location Services are disabled, does it then have option to keep it disabled?
Or is this only in new machines without any user accounts?
If i have El Capitan and Location Services are disabled, does it then have option to keep it disabled?