So, this is bad. (1 Viewer)

[Sam Posten]

Might be the worst security bug in Mac history.
https://www.bloomberg.com/news/arti...-system-has-login-flaw-that-puts-data-at-risk

 

[Walter Kittel]

Somebody has got some explaining to do.

That is a pretty incredible oversight. Allowing any user id to login with no password is a big deal, but the idea that the root account (and the privileges that accompany that account) is accessible with no password makes it exponentially worse.

Wow. Just wow.

- Walter.

 

[Sam Posten]

http://www.loopinsight.com/2017/11/29/update-to-high-sierra-now-live-official-comment-from-apple/

 

[Sam Posten]

https://objective-see.com/blog/blog_0x24.html

 

[Johnny Angell]

As I read it, this flaw still required physical access to the Mac to do the fraudulent login. Am I right?

 

[Walter Kittel]

From the original link...

One user reported the ability to also access the computer using the root login remotely.

Not exactly definitive. There are procedures to disable remote root access, but I have no idea whether or not Apple configures their OS in that manner as a default. I'm guessing - probably not.

- Walter.

 

[Clinton McClure]

This is old news now, as Apple has already patched the hole with both a macOS update and a stand-alone patch. It is a bit troubling how Apple has experienced several glaring security, usability, and show-stopper bugs in the last few weeks with both macOS and iOS. There needs to definitely be a review of and adjustment to internal testing policies.

That being said, I still prefer macOS and iOS to anything else out there.

 

[DaveF]

Veddy veddy bad.

Tally another incident in the "Apple's software quality is dropping" column.

 

[Patrick_S]

This was probably the worst security issue in the history of desktop OSes.

 

[B-ROLL]

Sounds like a class action lawsuit to me ...