CVE-2024-6387 (RegreSSHion) SSH Vulnerability

Yesterday, OpenSSH disclosed a critical RCE vulnerability that affects all instances of OpenSSH and released a patch to fix this vulnerability. As a result, do we have any official word from Apple as to when this vulnerability will be fixed? This weakness exposes every macOS device without a strict firewall configured.

Reading Link: https://thehackernews.com/2024/07/new-openssh-vulnerability-could-lead-to.html

Just like the other vulnerabilities in software used in macOS, this will most likely be fixed by updating to the newest version in the next major macOS 14 update.

Here’s a recent example when other OpenSSH vulnerabilities were fixed.

My concern is that I am not finding alternative methods other than Apple releasing a new version or a security patch to mitigate this critical vulnerability.

In my case, as an administrator of devices in a corporation, this poses a very high risk.

Can't you install a new version yourself?

For anyone who stumbles upon this thread, the vulnerability has been fixed in macOS 14.6.
