Re: mac OS HS vulnerability
Quote:
Originally Posted by
ik9000
... I like the fact they explain to people how to exploit the vulnerability :stupid:
I like even more that, immediately after they explain the exploit, they point out that the original person to do so has been highly criticised by the computer security industry. It's like, they know it's a bad thing to tell people how to do this, but someone else has already said something so surely it's OK now...
Re: mac OS HS vulnerability
Quote:
Originally Posted by
scaryjim
I like even more that, immediately after they explain the exploit, they point out that the original person to do so has been highly criticised by the computer security industry. It's like, they know it's a bad thing to tell people how to do this, but someone else has already said something so surely it's OK now...
Yeah, kind of ironic, but in fairness once the exploit is in the wild it is better to warn as many people as quickly as possible, both of the need to act, and the potential risk/severity of not taking action.
Re: mac OS HS vulnerability
and when one article on their website wasn't enough...
http://www.bbc.co.uk/news/technology-42166438
Re: mac OS HS vulnerability
You do have to have to root account enabled - by default it is disabled, however a user with admin privileges can enable it, and should then set a password.
Most *nix systems insist on setting a root password as part of the setup routine.
Re: mac OS HS vulnerability
Quote:
Originally Posted by
peterb
You do have to have to root account enabled - by default it is disabled ...
From the info in the bbc articles it makes it sound like High Sierra automatically enabled it. The guy who posted it in the apple forum thread says he was a normal user, and makes no indication that he'd chosen to enable root access.
Sure, we don't have the full story, but this sounds a bit more serious than "only affects people who have deliberately chosen to enable root"....
Re: mac OS HS vulnerability
Quote:
Originally Posted by
scaryjim
From the info in the bbc articles it makes it sound like High Sierra automatically enabled it. The guy who posted it in the
apple forum thread says he was a normal user, and makes no indication that he'd chosen to enable root access.
Sure, we don't have the full story, but this sounds a bit more serious than "only affects people who have deliberately chosen to enable root"....
You are right - I've just checked mine a bit more carefully, it is possible to log in as root from one of the system preferences applications. Ive jus set a root password on my mac, and the disabled root access! :)
It does require physical access to the machine - but better safe than sorry!
Re: mac OS HS vulnerability
Quote:
Originally Posted by
peterb
You are right - I've just checked mine a bit more carefully, it is possible to log in as root from one of the system preferences applications. Ive jus set a root password on my mac, and the disabled root access! :)
It does require physical access to the machine - but better safe than sorry!
Apparently it can also be done from a remote connection. Or worse via CLI so an executable can do it.
Re: mac OS HS vulnerability
Quote:
Originally Posted by
spacein_vader
Apparently it can also be done from a remote connection. Or worse via CLI so an executable can do it.
Yes, if you have enabled remote access, or have installed malware. Its certainly a serious flaw - easily fixed by a user though, and I expect there will be an update out in the very near future. Just shows you can never be complacent whatever the OS. (as the shellshock bug demonstrated last year)
Edit: Looks as if the patch has been released.
Re: mac OS HS vulnerability
Quote:
Originally Posted by
peterb
Yes, if you have enabled remote access, or have installed malware. Its certainly a serious flaw - easily fixed by a user though, and I expect there will be an update out in the very near future. Just shows you can never be complacent whatever the OS. (as the shellshock bug demonstrated last year)
Edit: Looks as if the patch has been released.
An Apple patch... would that be an i-patch?
Re: mac OS HS vulnerability
Quote:
Originally Posted by
ik9000
An Apple patch... would that be an i-patch?
Here’s your coat.... :)
Re: mac OS HS vulnerability
Quote:
Originally Posted by
peterb
Here’s your coat.... :)
What sort of coat? A mac perhaps?