Big security flaw in Apple MacOS High Sierra uncovered
Quote:
Anyone with physical access to your machine can login as root with an empty password.
Read more.
Re: Big security flaw in Apple MacOS High Sierra uncovered
Epic epic fail... I've seen a few tech sites commenting on how it seems Apple has QA issues these days.... not the first password bug recently
Re: Big security flaw in Apple MacOS High Sierra uncovered
Looks as if the patch has been released - I've just downloaded it.
Re: Big security flaw in Apple MacOS High Sierra uncovered
Quote:
Originally Posted by
HEXUS
Slow to the news Hexus... https://forums.hexus.net/apple-mac/3...erability.html
Re: Big security flaw in Apple MacOS High Sierra uncovered
Only 3 comments?! Oops, 4!
Re: Big security flaw in Apple MacOS High Sierra uncovered
Quote:
Originally Posted by
Eric F
Only 3 comments?! Oops, 4!
Not much to comment on. Flaw discovered and published, workaround quickly issued, followed just as quickly by a patch to fix it. Job done. It would have been better if it hadn't occurred, but you can say that about any software bug.
Re: Big security flaw in Apple MacOS High Sierra uncovered
The bug speaks volumes about software dev practices though R. I dunno what to say, it's good it was patched. Thanks for letting me now.
Re: Big security flaw in Apple MacOS High Sierra uncovered
You could say that about any software bug, but the idiocy of the exploit combined with the supposed trust placed in this company is what makes it remarkable.
Re: Big security flaw in Apple MacOS High Sierra uncovered
Quote:
Originally Posted by
peterb
Not much to comment on. Flaw discovered and published, workaround quickly issued, followed just as quickly by a patch to fix it. Job done. It would have been better if it hadn't occurred, but you can say that about any software bug.
No, this is a clear failure of any kind of SDLC.
You can have bugs that are bizarrely complex, this is the result of poor exceptional event handling, with frankly shoddy designs in the first place.
If this came from a team who worked for me, I'd be able to fire them for gross incompetence.
Re: Big security flaw in Apple MacOS High Sierra uncovered
Quote:
Originally Posted by
peterb
Not much to comment on. Flaw discovered and published, workaround quickly issued, followed just as quickly by a patch to fix it. Job done. It would have been better if it hadn't occurred, but you can say that about any software bug.
But it is essentially the same problem as the old XP "administrator" account shipping with zero password to begin with. How many people back then never knew to boot into safe mode and set one? There were so many articles on that back in the day - even in lesser PC magazines, and eventually regular mainstream newspapers etc - how did no-one at Apple check that this root login didn't avoid this default vulnerability?
Re: Big security flaw in Apple MacOS High Sierra uncovered
Guess this cements the rumour that all the good developers at Apple are working on iOS.
Re: Big security flaw in Apple MacOS High Sierra uncovered
Quote:
Originally Posted by
ik9000
But it is essentially the same problem as the old XP "administrator" account shipping with zero password to begin with. How many people back then never knew to boot into safe mode and set one? There were so many articles on that back in the day - even in lesser PC magazines, and eventually regular mainstream newspapers etc - how did no-one at Apple check that this root login didn't avoid this default vulnerability?
I didn't know that!
Re: Big security flaw in Apple MacOS High Sierra uncovered
Quote:
Originally Posted by
Biscuit
Guess this cements the rumour that all the good developers at Apple are working on iOS.
Or it was enabled during testing for the convenience of the developers, and someone forgot to disable it before it was released.
Re: Big security flaw in Apple MacOS High Sierra uncovered
Not really a supporter of Apple products myself other than some of the actual work horse stuff they got... but from my point of view it is unforgiveable also... in general if all only use one brand and such you leave the world more vulnerable to a full scale attack.
Hope the responsible people has been fired and branded for life.
Re: Big security flaw in Apple MacOS High Sierra uncovered
Quote:
Originally Posted by
QuorTek
and branded for life.
A bit extreme. What would your policy be for more violent offenders?
Re: Big security flaw in Apple MacOS High Sierra uncovered
Quote:
Originally Posted by
peterb
Or it was enabled during testing for the convenience of the developers, and someone forgot to disable it before it was released.
Incompetence whichever way you look at it.