LinkBack URL
About LinkBacksRead more.Anyone with physical access to your machine can login as root with an empty password.
Read more.Anyone with physical access to your machine can login as root with an empty password.
Epic epic fail... I've seen a few tech sites commenting on how it seems Apple has QA issues these days.... not the first password bug recently
Old puter - still good enuff till I save some pennies!
Looks as if the patch has been released - I've just downloaded it.
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
Slow to the news Hexus... https://forums.hexus.net/apple-mac/3...erability.htmlOriginally Posted by HEXUS
Troopa (30-11-2017)
Only 3 comments?! Oops, 4!
Not much to comment on. Flaw discovered and published, workaround quickly issued, followed just as quickly by a patch to fix it. Job done. It would have been better if it hadn't occurred, but you can say that about any software bug.
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
The bug speaks volumes about software dev practices though R. I dunno what to say, it's good it was patched. Thanks for letting me now.
hexus trust : n(baby):n(lover):n(sky)|>P(Name)>>nopes
Be Careful on the Internet! I ran and tackled a drive by mining attack today. It's not designed to do anything than provide fake texts (say!)
You could say that about any software bug, but the idiocy of the exploit combined with the supposed trust placed in this company is what makes it remarkable.
No, this is a clear failure of any kind of SDLC.
You can have bugs that are bizarrely complex, this is the result of poor exceptional event handling, with frankly shoddy designs in the first place.
If this came from a team who worked for me, I'd be able to fire them for gross incompetence.
throw new ArgumentException (String, String, Exception)
But it is essentially the same problem as the old XP "administrator" account shipping with zero password to begin with. How many people back then never knew to boot into safe mode and set one? There were so many articles on that back in the day - even in lesser PC magazines, and eventually regular mainstream newspapers etc - how did no-one at Apple check that this root login didn't avoid this default vulnerability?
Guess this cements the rumour that all the good developers at Apple are working on iOS.
I didn't know that!
hexus trust : n(baby):n(lover):n(sky)|>P(Name)>>nopes
Be Careful on the Internet! I ran and tackled a drive by mining attack today. It's not designed to do anything than provide fake texts (say!)
Or it was enabled during testing for the convenience of the developers, and someone forgot to disable it before it was released.
(\__/)
(='.'=)
(")_(")
Been helped or just 'Like' a post? Use the Thanks button!
My broadband speed - 750 Meganibbles/minute
Not really a supporter of Apple products myself other than some of the actual work horse stuff they got... but from my point of view it is unforgiveable also... in general if all only use one brand and such you leave the world more vulnerable to a full scale attack.
Hope the responsible people has been fired and branded for life.
A bit extreme. What would your policy be for more violent offenders?
Incompetence whichever way you look at it.
There are currently 1 users browsing this thread. (0 members and 1 guests)
Posting Permissions
Reply With Quote
