Apple wired.com

This MacOS "root" Bug is Bad, Bad, Bad  ↦

Volker Chartier, the first to alert WIRED to the issue with Apple’s patch:

It’s really serious, because everyone said “hey, Apple made a very fast update to this problem, hooray!” But as soon as you update [to 10.13.1], it comes back again and no one knows it.

You should pay close attention to this if you’re on MacOS High Sierra. Also, the story behind the “anyone can login as root” tweet is quite interesting as well.

Lemi Orhan Ergi:

The infrastructure staff noticed the [root] issue and used the flaw to recover my colleague’s account. On Nov 23, they informed Apple about it. They also searched online and saw the issue mentioned in a few places already, even in Apple Developer Forum from Nov 13. It seemed like the issue had been revealed, but Apple had not noticed yet.

Yesterday the infrastructure staff informed me that they had to set-up a root password on my Mac so that I wouldn’t have the issue. I saw the issue with my own eyes and thought that it was unbelievable!

Also, here’s how to set root password if that’s the route you want to go.


Discussion

Sign in or join to comment

0:00 / 0:00