Page 1 of 2 12 LastLast
Results 1 to 16 of 18

Thread: Big security flaw in Apple MacOS High Sierra uncovered

  1. #1
    HEXUS.admin
    Join Date
    Apr 2005
    Posts
    26,294
    Thanks
    0
    Thanked
    1,493 times in 541 posts

    Big security flaw in Apple MacOS High Sierra uncovered

    Anyone with physical access to your machine can login as root with an empty password.
    Read more.

  2. #2
    Senior Member
    Join Date
    Aug 2003
    Location
    Sunny Rugeley
    Posts
    1,886
    Thanks
    0
    Thanked
    47 times in 42 posts

    Re: Big security flaw in Apple MacOS High Sierra uncovered

    Epic epic fail... I've seen a few tech sites commenting on how it seems Apple has QA issues these days.... not the first password bug recently
    Old puter - still good enuff till I save some pennies!

  3. #3
    Admin Team peterb's Avatar
    Join Date
    Aug 2005
    Location
    Southampton
    Posts
    17,103
    Thanks
    2,193
    Thanked
    2,757 times in 2,208 posts
    • peterb's system
      • Motherboard:
      • Nascom 2
      • CPU:
      • Z80B
      • Memory:
      • 48K 8 bit memory on separate card
      • Storage:
      • Audio cassette tape - home built 5.25" floppy drive
      • Graphics card(s):
      • text output (composite video)
      • PSU:
      • Home built
      • Case:
      • Home built
      • Operating System:
      • Nas-sys
      • Monitor(s):
      • 12" monocrome composite video input
      • Internet:
      • No networking capability on this machine

    Re: Big security flaw in Apple MacOS High Sierra uncovered

    Looks as if the patch has been released - I've just downloaded it.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  4. #4
    Senior Member
    Join Date
    Nov 2009
    Posts
    4,218
    Thanks
    991
    Thanked
    537 times in 417 posts
    • ik9000's system
      • Motherboard:
      • Asus P7H55-M/USB3
      • CPU:
      • i7-870, Prolimatech Megahalems, 2x Akasa Apache 120mm
      • Memory:
      • 4x4GB Corsair Vengeance 2133 11-11-11-27
      • Storage:
      • 2x256GB Samsung 840-Pro, 1TB Seagate 7200.12, 1TB Seagate ES.2
      • Graphics card(s):
      • Gigabyte GTX 460 1GB SuperOverClocked
      • PSU:
      • NZXT Hale 90 750w
      • Case:
      • BitFenix Survivor + Bitfenix spectre LED fans, LG BluRay R/W optical drive
      • Operating System:
      • Windows 7 Professional
      • Monitor(s):
      • Dell U2414h, U2311h 1920x1080
      • Internet:
      • 200Mb/s Fibre and 4G wifi

    Re: Big security flaw in Apple MacOS High Sierra uncovered

    Quote Originally Posted by HEXUS View Post
    Slow to the news Hexus... https://forums.hexus.net/apple-mac/3...erability.html

  5. Received thanks from:

    Troopa (30-11-2017)

  6. #5
    Registered+
    Join Date
    May 2009
    Location
    Warrington, Cheshire
    Posts
    19
    Thanks
    0
    Thanked
    0 times in 0 posts

    Re: Big security flaw in Apple MacOS High Sierra uncovered

    Only 3 comments?! Oops, 4!

  7. #6
    Admin Team peterb's Avatar
    Join Date
    Aug 2005
    Location
    Southampton
    Posts
    17,103
    Thanks
    2,193
    Thanked
    2,757 times in 2,208 posts
    • peterb's system
      • Motherboard:
      • Nascom 2
      • CPU:
      • Z80B
      • Memory:
      • 48K 8 bit memory on separate card
      • Storage:
      • Audio cassette tape - home built 5.25" floppy drive
      • Graphics card(s):
      • text output (composite video)
      • PSU:
      • Home built
      • Case:
      • Home built
      • Operating System:
      • Nas-sys
      • Monitor(s):
      • 12" monocrome composite video input
      • Internet:
      • No networking capability on this machine

    Re: Big security flaw in Apple MacOS High Sierra uncovered

    Quote Originally Posted by Eric F View Post
    Only 3 comments?! Oops, 4!
    Not much to comment on. Flaw discovered and published, workaround quickly issued, followed just as quickly by a patch to fix it. Job done. It would have been better if it hadn't occurred, but you can say that about any software bug.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  8. #7
    Senior Member
    Join Date
    Jun 2005
    Posts
    732
    Thanks
    381
    Thanked
    50 times in 46 posts
    • Millennium's system
      • Motherboard:
      • Asus Z170 Pro Gamer ATX
      • CPU:
      • Intel i5 6600K @ 4.5GHz 4 core
      • Memory:
      • Corsair VPX 3000 DDR4 (16, 4*4)
      • Storage:
      • 500gb 850 Evo sata3 SSD, 2*2TB Green 5900 Raid 0
      • Graphics card(s):
      • MSI 390 8gb
      • PSU:
      • toughpower 1kw
      • Case:
      • Zalman Z3 Plus
      • Operating System:
      • Windows 10 64bit
      • Monitor(s):
      • VIEWSONIC VG2401MH 144hz (Solid)
      • Internet:
      • Origin ADSL Broadband, not really recommended.

    Re: Big security flaw in Apple MacOS High Sierra uncovered

    The bug speaks volumes about software dev practices though R. I dunno what to say, it's good it was patched. Thanks for letting me now.
    : n(baby):n(lover):n(sky)|>P(Name)>>not quite

    how do you spend your time online? (Hexus link)

  9. #8
    Senior Member
    Join Date
    Feb 2016
    Location
    Somerset
    Posts
    629
    Thanks
    32
    Thanked
    71 times in 57 posts
    • wazzickle's system
      • Motherboard:
      • Asus Z170i Pro Gaming
      • CPU:
      • i5 7600
      • Memory:
      • 16Gb DDR4 HyperX Fury
      • Storage:
      • Samsung 850 Evo M.2 256GB (OS); 2 x Seagate 5+4 TB 2.5" HDD
      • Graphics card(s):
      • Intel Onboard HD 630
      • PSU:
      • Pico PSU 160W
      • Case:
      • Streacom FC8 Alpha OD
      • Operating System:
      • W10
      • Monitor(s):
      • Samsung UE50JU6800 4k TV
      • Internet:
      • Plusnet 80/20

    Re: Big security flaw in Apple MacOS High Sierra uncovered

    You could say that about any software bug, but the idiocy of the exploit combined with the supposed trust placed in this company is what makes it remarkable.

  10. #9
    Seething Cauldron of Hatred TheAnimus's Avatar
    Join Date
    Aug 2005
    Posts
    17,054
    Thanks
    784
    Thanked
    2,135 times in 1,395 posts

    Re: Big security flaw in Apple MacOS High Sierra uncovered

    Quote Originally Posted by peterb View Post
    Not much to comment on. Flaw discovered and published, workaround quickly issued, followed just as quickly by a patch to fix it. Job done. It would have been better if it hadn't occurred, but you can say that about any software bug.
    No, this is a clear failure of any kind of SDLC.

    You can have bugs that are bizarrely complex, this is the result of poor exceptional event handling, with frankly shoddy designs in the first place.

    If this came from a team who worked for me, I'd be able to fire them for gross incompetence.
    throw new ArgumentException (String, String, Exception)

  11. #10
    Senior Member
    Join Date
    Nov 2009
    Posts
    4,218
    Thanks
    991
    Thanked
    537 times in 417 posts
    • ik9000's system
      • Motherboard:
      • Asus P7H55-M/USB3
      • CPU:
      • i7-870, Prolimatech Megahalems, 2x Akasa Apache 120mm
      • Memory:
      • 4x4GB Corsair Vengeance 2133 11-11-11-27
      • Storage:
      • 2x256GB Samsung 840-Pro, 1TB Seagate 7200.12, 1TB Seagate ES.2
      • Graphics card(s):
      • Gigabyte GTX 460 1GB SuperOverClocked
      • PSU:
      • NZXT Hale 90 750w
      • Case:
      • BitFenix Survivor + Bitfenix spectre LED fans, LG BluRay R/W optical drive
      • Operating System:
      • Windows 7 Professional
      • Monitor(s):
      • Dell U2414h, U2311h 1920x1080
      • Internet:
      • 200Mb/s Fibre and 4G wifi

    Re: Big security flaw in Apple MacOS High Sierra uncovered

    Quote Originally Posted by peterb View Post
    Not much to comment on. Flaw discovered and published, workaround quickly issued, followed just as quickly by a patch to fix it. Job done. It would have been better if it hadn't occurred, but you can say that about any software bug.
    But it is essentially the same problem as the old XP "administrator" account shipping with zero password to begin with. How many people back then never knew to boot into safe mode and set one? There were so many articles on that back in the day - even in lesser PC magazines, and eventually regular mainstream newspapers etc - how did no-one at Apple check that this root login didn't avoid this default vulnerability?

  12. #11
    Oh Crumbs.... Biscuit's Avatar
    Join Date
    Feb 2007
    Location
    N. Yorkshire
    Posts
    10,800
    Thanks
    1,290
    Thanked
    1,000 times in 778 posts
    • Biscuit's system
      • Motherboard:
      • ASRock Z77 Pro4-M
      • CPU:
      • Intel i5 3570 (Be Quiet! Dark Rock 3)
      • Memory:
      • 16GB Crucial DDR3 1866MHz
      • Storage:
      • 240GB Crucial M4, 480GB Crucial M500, 2TB Seagate SSHD
      • Graphics card(s):
      • Sapphire R9 290X Vapor-X
      • PSU:
      • XFX 650W
      • Case:
      • Lian Li PC-V359
      • Operating System:
      • Windows 7 x64
      • Monitor(s):
      • Dell U2913WM & Philips E-line 234EL2SB
      • Internet:
      • BT Infinity 80/20

    Re: Big security flaw in Apple MacOS High Sierra uncovered

    Guess this cements the rumour that all the good developers at Apple are working on iOS.

  13. #12
    Senior Member
    Join Date
    Jun 2005
    Posts
    732
    Thanks
    381
    Thanked
    50 times in 46 posts
    • Millennium's system
      • Motherboard:
      • Asus Z170 Pro Gamer ATX
      • CPU:
      • Intel i5 6600K @ 4.5GHz 4 core
      • Memory:
      • Corsair VPX 3000 DDR4 (16, 4*4)
      • Storage:
      • 500gb 850 Evo sata3 SSD, 2*2TB Green 5900 Raid 0
      • Graphics card(s):
      • MSI 390 8gb
      • PSU:
      • toughpower 1kw
      • Case:
      • Zalman Z3 Plus
      • Operating System:
      • Windows 10 64bit
      • Monitor(s):
      • VIEWSONIC VG2401MH 144hz (Solid)
      • Internet:
      • Origin ADSL Broadband, not really recommended.

    Re: Big security flaw in Apple MacOS High Sierra uncovered

    Quote Originally Posted by ik9000 View Post
    But it is essentially the same problem as the old XP "administrator" account shipping with zero password to begin with. How many people back then never knew to boot into safe mode and set one? There were so many articles on that back in the day - even in lesser PC magazines, and eventually regular mainstream newspapers etc - how did no-one at Apple check that this root login didn't avoid this default vulnerability?
    I didn't know that!
    : n(baby):n(lover):n(sky)|>P(Name)>>not quite

    how do you spend your time online? (Hexus link)

  14. #13
    Admin Team peterb's Avatar
    Join Date
    Aug 2005
    Location
    Southampton
    Posts
    17,103
    Thanks
    2,193
    Thanked
    2,757 times in 2,208 posts
    • peterb's system
      • Motherboard:
      • Nascom 2
      • CPU:
      • Z80B
      • Memory:
      • 48K 8 bit memory on separate card
      • Storage:
      • Audio cassette tape - home built 5.25" floppy drive
      • Graphics card(s):
      • text output (composite video)
      • PSU:
      • Home built
      • Case:
      • Home built
      • Operating System:
      • Nas-sys
      • Monitor(s):
      • 12" monocrome composite video input
      • Internet:
      • No networking capability on this machine

    Re: Big security flaw in Apple MacOS High Sierra uncovered

    Quote Originally Posted by Biscuit View Post
    Guess this cements the rumour that all the good developers at Apple are working on iOS.
    Or it was enabled during testing for the convenience of the developers, and someone forgot to disable it before it was released.
    (\__/)
    (='.'=)
    (")_(")

    Been helped or just 'Like' a post? Use the Thanks button!
    My broadband speed - 750 Meganibbles/minute

  15. #14
    Member
    Join Date
    Apr 2016
    Posts
    176
    Thanks
    0
    Thanked
    3 times in 3 posts

    Re: Big security flaw in Apple MacOS High Sierra uncovered

    Not really a supporter of Apple products myself other than some of the actual work horse stuff they got... but from my point of view it is unforgiveable also... in general if all only use one brand and such you leave the world more vulnerable to a full scale attack.

    Hope the responsible people has been fired and branded for life.

  16. #15
    Senior Member
    Join Date
    Nov 2009
    Posts
    4,218
    Thanks
    991
    Thanked
    537 times in 417 posts
    • ik9000's system
      • Motherboard:
      • Asus P7H55-M/USB3
      • CPU:
      • i7-870, Prolimatech Megahalems, 2x Akasa Apache 120mm
      • Memory:
      • 4x4GB Corsair Vengeance 2133 11-11-11-27
      • Storage:
      • 2x256GB Samsung 840-Pro, 1TB Seagate 7200.12, 1TB Seagate ES.2
      • Graphics card(s):
      • Gigabyte GTX 460 1GB SuperOverClocked
      • PSU:
      • NZXT Hale 90 750w
      • Case:
      • BitFenix Survivor + Bitfenix spectre LED fans, LG BluRay R/W optical drive
      • Operating System:
      • Windows 7 Professional
      • Monitor(s):
      • Dell U2414h, U2311h 1920x1080
      • Internet:
      • 200Mb/s Fibre and 4G wifi

    Re: Big security flaw in Apple MacOS High Sierra uncovered

    Quote Originally Posted by QuorTek View Post
    and branded for life.
    A bit extreme. What would your policy be for more violent offenders?

  17. #16
    Oh Crumbs.... Biscuit's Avatar
    Join Date
    Feb 2007
    Location
    N. Yorkshire
    Posts
    10,800
    Thanks
    1,290
    Thanked
    1,000 times in 778 posts
    • Biscuit's system
      • Motherboard:
      • ASRock Z77 Pro4-M
      • CPU:
      • Intel i5 3570 (Be Quiet! Dark Rock 3)
      • Memory:
      • 16GB Crucial DDR3 1866MHz
      • Storage:
      • 240GB Crucial M4, 480GB Crucial M500, 2TB Seagate SSHD
      • Graphics card(s):
      • Sapphire R9 290X Vapor-X
      • PSU:
      • XFX 650W
      • Case:
      • Lian Li PC-V359
      • Operating System:
      • Windows 7 x64
      • Monitor(s):
      • Dell U2913WM & Philips E-line 234EL2SB
      • Internet:
      • BT Infinity 80/20

    Re: Big security flaw in Apple MacOS High Sierra uncovered

    Quote Originally Posted by peterb View Post
    Or it was enabled during testing for the convenience of the developers, and someone forgot to disable it before it was released.
    Incompetence whichever way you look at it.

Page 1 of 2 12 LastLast

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •