Mac security flaw

mikefamig

Senior Member
For Mac users.
 
https://www.computerworld.com/article/3239047/apple-mac/what-to-do-about-apple-s-shameful-mac-security-flaw.html
 
 
 
Note that this only affects Mac OS 10.13 High Sierra, not any older OS versions.  
 
Really is astonishing that this could have made it through to shipping software.  Also astonishing that this has taken so long to be highlighted.  The latest point release, 10.13.1, came out on October 31, 2017.  It took 28 days for this to be found?!?  I haven't seen anything that clearly says if this bug was present in earlier versions--10.13.0 or any of the beta versions.
 
BTW, Apple is expected to release a fix shortly:
 
http://appleinsider.com/articles/17/11/28/apple-says-fix-incoming-for-macos-high-sierra-root-access-bug
 
Craig
 
pvrfan said:
Note that this only affects Mac OS 10.13 High Sierra, not any older OS versions.  
 
Really is astonishing that this could have made it through to shipping software.  Also astonishing that this has taken so long to be highlighted.  The latest point release, 10.13.1, came out on October 31, 2017.  It took 28 days for this to be found?!?  I haven't seen anything that clearly says if this bug was present in earlier versions--10.13.0 or any of the beta versions.
 
BTW, Apple is expected to release a fix shortly:
 
http://appleinsider.com/articles/17/11/28/apple-says-fix-incoming-for-macos-high-sierra-root-access-bug
 
Craig
This is another overblown "flaw" that really isn't a flaw at all.  Every Mac and Unix computer (and maybe Windows too) has a root user account, and this account has to have some simple password to activate it or else you could never use it.  In every Mac I have seen this access is turned OFF by default, although it's certainly possible to turn it on.
 
This "flaw" can only be used if you are sitting at your computer. NEWS FLASH - EVERY COMPUTER HAS A WAY TO BREAK IN IF YOU ARE PHYSICALLY SITTING AT IT.
On a Mac, you can boot up in recovery mode, and use the terminal command "resetpassword" 
 
The problem with many of these articles is they are written by people who are not very technical, so they just write what they are told. 
 
But here is the REAL REAL problem. Over the years the rise of the Internet has made the news business less and less profitable.  To survive, publications had to move from hiring high-paid knowledgeable reporters to cheaper junior reporters, and this is where the problem started.  So I blame everything on the Internet, and I blame Al Gore for inventing it.
 
AFAIK only if the firmware password is known or not set - otherwise it's a no go.
 
This flaw is about the incorrect re-direction to a lockout after a number of attempts at login, but instead it lets you in without a password.
 
ano said:
This "flaw" can only be used if you are sitting at your computer. NEWS FLASH - EVERY COMPUTER HAS A WAY TO BREAK IN IF YOU ARE PHYSICALLY SITTING AT IT.
On a Mac, you can boot up in recovery mode, and use the terminal command "resetpassword" 
 