Hacker News new | past | comments | ask | show | jobs | submit login

I promise, you will be just fine without the security updates.



This is probably misguided. Apple includes the OS version number in the user agent, so an attacker can actually pay to have code delivered only to users with vulnerable versions of MacOS. (advertising marketplaces allow bidding by user agent)


Are you thinking of a safari exploit that allows JavaScript to get out of the safari process? What’s the attack scenario?


The user agent is defined by the browser.

And it only contains: Intel Mac OS X 10_15_7 irrespective of what Mac you are using.


I’m seeing Mozilla/5.0 (Macintosh; Intel Mac OS X 14_7). What do you think the 14_7 stands for on MacOS 14.7?


I currently use M3 Max MacBook Pro. Mac OS 14.6.1(23G93).

Firefox 130.0.1

  "Mozilla/5.0 (Macintosh; Intel Mac OS X 10.15; rv:130.0) Gecko/20100101 Firefox/130.0"
Safari 17.6

  "Mozilla/5.0 (Macintosh; Intel Mac OS X 10_15_7) AppleWebKit/605.1.15 (KHTML, like Gecko) Version/17.6 Safari/605.1.15"
Seems like a Google Chrome-specific behavior, but I don't have Google Chrome installed to test.


> Intel Mac OS X 10_15_7.

This is on an M4 MacBook Pro running 15.0.

So not correct.


Heya, I couldn’t find a way to contact you privately but I’d assume you want to delete your comment until (presumably) next month! Correct me if I’m wrong tho :)

Alternatively, a mod could help to edit it instead


Why would they want to do that?


To be honest, I’m not entirely sure.

It’s a product that isn’t officially announced yet. Anyone could mention that they own that device of course, but it’s the extra credibility of him being an ex-Apple SWE (judging from his comments) that convinced me to drop that comment.

Dunno if there could be any legal implications, if not - all good!




Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: