Windows 10 News and info | Forum
December 16, 2018, Loading... *
Welcome, Guest. Please login or register.

Login with username, password and session length
News: This is a clean Ad-free Forum and protected by StopForumSpam, Project Honeypot, Botscout and AbuseIPDB | This forum does not use audio ads, popups, or other annoyances.
  Website   Home   Windows 8 Website GDPR Help Login Register  
By continuing to use the site or forum, you agree to the use of cookies, find out more by reading our GDPR policy.
Pages: [1]
Share this topic on Del.icio.usShare this topic on DiggShare this topic on FacebookShare this topic on GoogleShare this topic on MySpaceShare this topic on RedditShare this topic on StumbleUponShare this topic on TechnoratiShare this topic on TwitterShare this topic on YahooShare this topic on Google buzz
Author Topic: Apple messes up again  (Read 425 times)
Hero Member
Online Online

Gender: Male
United States United States

Posts: 29296

I Do Windows

WWW Email
« on: December 02, 2017, 03:03:27 AM »

Apple's MacOS users are living in glass houses

It seems Apple is determined to make it super-easy for MacOS users to be casually hacked by passersby. We wrote recently of a MacOS High Sierra bug (or is it just pure negligence) which meant the OS shipped without a root password, meaning anyone could walk past your locked Mac laptop, casually log in and reformat your hard drive, amongst other nefarious things.

Apple rushes out a patch, with rush being the operative word. Not only did the patch break some file-sharing functions on High Sierra, causing Apple to re-issue another patch, but now it appears simply updating the OS undoes the patch, leaving users vulnerable again.

Wired reports that those who had not yet upgraded their operating system from the original version of High Sierra, 10.13.0, to the most recent version, 10.13.1, but had downloaded the patch, say the “root” bug reappears when they install the most recent macOS system update. This means users may believe they are protected but they are not.

Worse, if users do re-install the patch (or if it is eventually re-installed automatically) it is not activated until a reboot (which for laptop users may be weeks to months) and the app offers no prompt to ensure users do a reboot after its application.

“It’s really serious, because everyone said ‘hey, Apple made a very fast update to this problem, hooray,'” says Volker Chartier, a software engineer at German energy firm Innogy who was the first to alert WIRED to the issue with Apple’s patch. “But as soon as you update [to 10.13.1], it comes back again and no one knows it.”

“I installed the update again from the App Store and verified that I could still trigger the bug. That is bad, bad, bad,” says Thomas Reed, a researcher at security firm MalwareBytes. “Anyone who hasn’t yet updated to 10.13.1, they’re now in the pipeline headed straight for this issue.”

The root password problems follow a litany of other issues which PC users may not have heard off, including displaying the user’s password as a password hint when someone tries to unlock an encrypted partition on their machine known as an APFS container and allowing malware to easily steal users the contents of user’s keychain without a password.

“..the big question going around now is, what is Apple’s quality assurance [team] for Mac doing?” said Malwarebytes’ Thomas Reed. “I don’t know what’s going on that these bugs could have slipped past.”

Apple has said “customers deserve better”, and we can only suggest now may be the time to give Windows a try…


Pages: [1]
Jump to:  

Powered by SMF 1.1.21 | SMF © 2017, Simple Machines

Google visited last this page November 15, 2018, 10:52:12 PM