Tag Archives: macOS High Sierra

Mac eGPU Support Guide for macOS 10.13.4

Official Mac eGPU support just arrived with macOS 10.13.4! Yes, you can now add an eGPU (external graphics processor) to your Mac, greatly accelerating its performance and turning it into a gaming machine. Get the full details on the Mac eGPU support you can expect!

 

New Mac eGPU Support

eGPUs have been in the market for a number of years now, but this is the first time Apple has added official support for them. The new official Mac eGPU support is limited to :

  • MacBook Pro notebooks released in 2016 or later,
  • iMac computers released in 2017 or later, and
  • the iMac Pro

Once you have macOS 10.13.4 installed, you will be able to :

  • Accelerate applications that use Metal, OpenGL, and OpenCL
  • Connect additional external monitors and displays
  • Use virtual reality headsets plugged into the eGPU
  • Charge your MacBook Pro while using the eGPU
  • Use an eGPU with your MacBook Pro while its built-in display is closed
  • Connect an eGPU while a user is logged in
  • Connect more than one eGPU using the multiple Thunderbolt 3 (USB-C) ports on your Mac2
  • Use the menu bar item  to safely disconnect the eGPU
  • View the activity levels of built-in and external GPUs. Open Activity Monitor, then choose Window > GPU History.

 

Mac eGPU Support In Applications

The new Mac eGPU support is designed to accelerate Metal, OpenGL and OpenCL applications. In general, installing an eGPU will accelerate these kinds of applications :

  • Professional applications designed to utilise multiple GPUs
  • 3D games, when an external monitor is attached directly to the eGPU
  • VR applications, when a VR headset is attached directly to the eGPU
  • Professional applications and 3D games that can accelerate the built-in display

For the best results, you should set the display attached to the eGPU as the primary display :

  1. Go to System Preferences > Displays
  2. Select the Arrangement tab
  3. Drag the white menu bar to the box that represents the display attached to the eGPU

Note : The eGPU support  won’t run in Windows using Boot Camp, or when your Mac is in the macOS Recovery mode, or while installing system updates.

 

Recommended Mac eGPU Configurations

If you are looking for a pre-configured all-in-one Thunderbolt 3 eGPU package, this was recommended by Apple :

  • Sonnet Radeon RX 570 eGFX Breakaway Puck : $599

Here is a list of recommended graphics cards :

  • AMD Radeon Vega Frontier Edition : $929
  • AMD Radeon Pro WX 9100 : $1,749
  • AMD Radeon Pro WX 7100 : $626
  • Sapphire Radeon RX Vega 64 : Price Check
  • XFX Radeon RX Vega 64 : $1,349
  • Sapphire Radeon RX Vega 56 : $799
  • XFX Radeon RX Vega 56 : Price Check

And these are the recommended Mac eGPU Thunderbolt 3 chassis for the recommended graphics cards :

AMD Radeon RX Vega 64 / Frontier Edition / Radeon Pro WX 9100

  • Sonnet eGFX Breakaway Box 650W ($449, $1,299 with Vega 64)

AMD Radeon RX Vega 56

[adrotate group=”2″]
  • OWC Mercury Helios FX ($319)
  • PowerColor Devil Box
  • Sonnet eGFX Breakaway Box 550W ($329, $729 with RX 580)
  • Sonnet eGFX Breakaway Box 650W ($449, $1,299 with Vega 64)

AMD Radeon RX 570 / 580 / Radeon Pro WX 7100

  • OWC Mercury Helios FX ($319)
  • PowerColor Devil Box
  • Sapphire Gear Box
  • Sonnet eGFX Breakaway Box 350W ($249, $649 with RX 580)
  • Sonnet eGFX Breakaway Box 550W ($329, $729 with RX 580)
  • Sonnet eGFX Breakaway Box 650W ($449, $1,299 with Vega 64)

Go Back To > Guides | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

The Apple Spectre + Meltdown Patches Detailed!

Within a week after the Meltdown and Spectre exploits revealed, the first Apple Spectre patches were introduced. And Apple has finally released their next slew of patches that will help protect Apple computers against Meltdown and Spectre.

There has been some confusion about what was “fixed” in which patch. In this article, we will share with you exactly mitigations were introduced in which OS X update. As usual, we will update this article, as and when new Apple Spectre or Meltdown patches are released.

 

The Apple Spectre + Meltdown Patches

macOS High Sierra 10.13.2 Supplemental Update

Date Of Introduction : 8 January 2018
Operating System Patched : macOS 10.13 High Sierra
GPZ Variant Addressed : Spectre 1 and 2 (CVE-2017-5753 and CVE-2017-5715)

The first known update was the macOS High Sierra 10.13.2 Supplemental Update. It introduced a number of mitigations against the two Spectre variants (CVE-2017-5753 and CVE-2017-5715). Specifically, several security improvements were made to Safari and WebKit.

After updating, Safari will be upgraded to version 11.0.2 (13604.4.7.1.6) or version 11.0.2 (13604.4.7.10.6).

 

Security Update 2018-001 Sierra

[adrotate group=”2″]

Date Of Introduction : 23 January 2018
Operating System Patched : macOS 10.12 Sierra
GPZ Variant Addressed : Meltdown (CVE-2017-5754)

This security update patched all versions of macOS Sierra against the Meltdown exploit (CVE-2017-5754).

 

Security Update 2018-001 El Capitan

Date Of Introduction : 23 January 2018
Operating System Patched : OS X 10.11 El Capitan
GPZ Variant Addressed : Meltdown (CVE-2017-5754)

This security update patched all versions of OS X El Capitan against the Meltdown exploit (CVE-2017-5754).

 

Outstanding Apple Spectre + Meltdown Patches

From what we understand, these are the likely Apple Spectre and Meltdown patches that are still outstanding, and will eventually be released :

  1. A Meltdown patch for macOS High Sierra
  2. Spectre mitigation patches for macOS Sierra and OS X El Capitan
  3. EFI firmware updates for various Mac computers

We will update this article, as and when new Apple Spectre or Meltdown patches are released.

Go Back To > Guides | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Apple Rushed Out macOS Root Bug Fix & It Shows…

Lemi Orhan Ergin did not give Apple any forewarning when he publicly revealed the massive macOS root bug on Twitter. He basically exposed a zero-day vulnerability for hackers to use, while Apple rushed on a bug fix. The good news is Apple just issued the root bug fix in Security Update 2017-001.

This is really fast work, but it also showed their sloppiness. Hopefully, the bug fix does not introduce additional bugs!

 

macOS Security Update 2017-001

[adrotate group=”2″]

Apple released macOS Security Update 2017-001 just a day after the macOS root bug was revealed. They also gave us more information on the bug that caused so much ruckus around the world (and rightly so).

  • The bug only affected macOS High Sierra 10.13.1.
  • The bug did not affect computers running macOS Sierra 10.12.6 or earlier.
  • They confirmed that it allowed an attacker to “bypass administrator authentication without supplying the administrator’s password“.

You can get more details on the root bug in our dedicated article – The macOS High Sierra Root Bug Explained!

 

How Do I Download The Root Bug Fix?

The macOS root bug fix is now available for download via the App Store. If it doesn’t appear yet, just click on the Updates icon to refresh.

Please note that this bug fix will reset and disable the root user account.  If you need to use the root user account, you will need to re-enable it, and change its password, after applying the update.

 

Terminal Users, Watch Out!

If you’re using Terminal to update though, you may face some complications due to Apple’s sloppiness. Chai discovered that Apple accidentally used a space instead of the version number.

This is not an issue if you are downloading the patch through the App Store. But if you’re applying the patch via Terminal, you need to add a space.

softwareupdate -i “Security Update 2017-001- “

Go Back To > Articles | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

The macOS High Sierra Root Bug Explained! Rev. 2.0

The Internet is abuzz with the shocking revelation that now everyone can hack an Apple computer… as long as it’s using the latest macOS High Sierra operating system. Let us explain what’s going on, and share with you the workaround for the macOS High Sierra root bug.

Updated @ 2017-11-30 : Added a new section on the Apple bug fix (Security Update 2017-001) [1], and additional information on the root bug [2].

Originally posted @ 2017-11-29

 

What Is Root User?

If you are the primary user of a MacOS X system, you have an administrator account with administrator privileges. This gives you more privileges and access than a standard user account. However, that is not the highest access level possible.

There is a Mac superuser account called “root” that gives you elevated read and write privileges to hidden or protected areas of the system. With the Mac root user account, you can even access files in other user accounts.

In fact, it gives you such God-like powers, you can modify or even delete critical system files. In fact, a Mac root user can use the rm -rf * command to delete the contents of every mounted drive in the computer, until macOS crashes when a crucial file or folder is deleted.

So this Mac root user account should only remain disabled unless you really, REALLY need to use it.

Suggested Reading : The Mac Root User Login & Password Guide

 

The macOS High Sierra Root Bug Updated!

On Tuesday, 28 November 2017, Turkish software developer Lemi Orhan Ergin revealed the macOS High Sierra root bug. With a few simple steps, anyone can gain elevated root user privileges in any computer running macOS High Sierra! Here is a summary of what we know about the root bug :

  1. The root bug exploit requires a computer running macOS High Sierra, with multiple user accounts.
  2. When prompted for a username and password, use these steps to gain root user access without any password :
    • Type “root” as the username and leave the password field blank.
    • Just click “Unlock” twice.
  3. The root bug cannot be exploited remotely, unless screen sharing is enabled.
  4. The root bug was introduced in macOS High Sierra 10.13.1. Earlier versions of macOS were not affected.
  5. Apple confirmed that the bug was due to “a logic error… in the validation of credentials“.
  6. Apple also confirmed that the bug would allow an attacker to “bypass administrator authentication without supplying the administrator’s password“.
  7. Several security researchers successfully replicated the bug.

 

How Serious Is This Root Bug?

The macOS High Sierra root bug is EXTREMELY serious, because it allows a hacker to easily bypass all of the macOS operating system’s security protections.

It doesn’t matter if you encrypted your computer, and secured it with an extremely long and complex password. Anyone who gains root user privileges using this bug can access (read, copy or move) the files in any user account (even those of an administrator) without knowing the password.

What’s even more troubling is that the root bug works even with a disabled root user account. This means the vast majority of Apple computers running on High Sierra are compromised, as the root user account is disabled by default.

 

How To Fix The Root Bug?

Unlike other security researchers, Lemi Orhan Ergin did not forewarn Apple before publicly revealing the bug, on Twitter no less. He basically exposed a zero-day vulnerability for hackers to use, while Apple rushes to fix the bug.

1. Install macOS Security Update 2017-001 New!

Apple just released Security Update 2017-001. This update will remove the root bug and improve credential validation. INSTALL THIS UPDATE NOW!

Note : This bug fix will reset and disable the root user account.  If you need to use the root user account, you will need to re-enable it, and change its password, after applying the update.

Note : Apple rushed out this update so quickly that they accidentally used a space instead of the version number. You can read more about this in our article – Apple Rushed Out macOS Root Bug Fix & It Shows…

This is not an issue if you are downloading the patch through the App Store. But if you’re applying the patch via Terminal, you need to add a space.

softwareupdate -i “Security Update 2017-001- “

2. Enable Root User With Your Own Password

[adrotate group=”2″]

If you cannot apply Apple’s bug fix yet, you can block this root bug by enabling the root user account, and setting a password for it.

It’s not so straightforward, so we created a step-by-step guide for you – The Mac Root User Login & Password Guide.

3. Use Additional Encryption

Alternatively, you can opt to move your sensitive data to encrypted containers or drives using third-party encryption utilities like VeraCrypt. Hackers may use the High Sierra root bug to gain access to the encrypted containers or drives, but without the correct password, the actual data won’t be accessible.

4. Physically Protect Your Apple Computer

The good news is the High Sierra root bug generally requires physical access to your Apple computer. Until this bug is fixed, you should make sure your Apple computer is never left unsupervised.

Keep it in a locked room or bag, whenever you are not using it. If no one can get to it, they cannot use the bug to gain root access.

5. Disable Screen Sharing

The High Sierra root bug can be exploited remotely if Screen Sharing is enabled. So make sure you disable Screen Sharing.

Go Back To > Articles | Home

 

Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!