>>12 that's not session hijacking because there are no cookies/sessions here. it's DNS hijacking (which can also be used to perform session hijacking, but malicious update is a bigger threat than stealing cookies, because it gives you code execution as an already installed program that the victim trusts): https://en.wikipedia.org/wiki/DNS_hijacking
Name:
Anonymous2019-01-21 9:36
>>14 DNS hijacking, BGP highjacking, the server itself being compromised, etc
Name:
Anonymous2019-01-21 9:40
>>14 Fortunately this glaring flaw is being closed with DNS-over-HTTPS, its enabled on Firefox v62+
>>18 which is completely unrelated to a bug in auto-update, anus
Name:
Anonymous2019-01-21 9:59
>>16 Wrong, DNS-over-HTTPS will not help you if the incorrect DNS info is stored in the DNS server. Also, dnscrypt/dnscurve/dnsoverquic are faster, more popular, you can already use them globally for your whole os, and do not depend on TLS.
"I love Apple products and will continue to use them," Thompson said. "Obviously I am disappointed and concerned that this happened and hope they address the issue quickly."