Typical knee-jerk response from someone who doesn't understand the nature of the bug or the scope of OS development and testing.
Got a tip for us?
Let us know
Become a MacRumors Supporter for $50/year with no ads, ability to filter front page stories, and private forums.
Apple Releases macOS High Sierra Security Update to Fix Root Password Vulnerability
- Thread starter MacRumors
- Start date
- Sort by reaction score
Typical knee-jerk response from someone who doesn't understand the nature of the bug or the scope of OS development and testing.
I usually wait a while, I jumped on this one pretty quickly because it seemed like a minor update, +APFS!!! But yeah, I don't really feel that my computer is in a position where these security holes could have been exploited, but I don't like how bad they have been. This + the password hint bug = a whole bunch of people who should be fired.
Oh man, if Steve Jobs were alive, some Apple employee would have had the worst day of his life yesterday.
WTF is going on at Apple that this sort of vulnerability slips through?
WTF is going on at Apple that this sort of vulnerability slips through?
What kind of nonsense are you ranting about? Ive was never put in charge of “software”, just the UI/UX part. Get your facts right, man…
Also, having been promoted to CDO and probably also having more spare time now that Apple Park construction and occupation is nearing its completion, I’m guessing he’s still very much in charge of and will still be influential on that side of software.
Sort of? Fixing it in less than 24 hours wasn't fast enough for you?
At least the serious bugs that were present in the older releases only happened in "extremely rare cases"...
Snow Leopard guest account bug deletes user data
By not setting the password, logins with that account are supposed to be completely disabled. Without the bug, that would be safer than with a password set, since the former is supposed to make logins impossible but the latter still allows logins as long as the password is known or guessed.
It doesn’t bother me so much that the bug even happened. Just glad Apple is quick to fix these kinds of mistakes.
I'd go further than that and say why do people take MS/Windows as being the benchmark? As in "It's OK because Windows is worse"? This has got nothing to do with Windows. Seriously, it's just two massive corporations who make products you use - consumers don't need to get emotionally involved and fight their battles for them!
Stupid that this bug happened. Good that they apologized and fixed it within a day.
"root" wasn't set to "blank" -- or anything at all!
Due to the numerous ways there were to obfuscate the (unset) root password, I say that one or more properties within their .plists drove the logic wrong.
The problem was easy to reproduce, hence the quick fix.
Although this major security issue should have never seen the light of day in a stable release of macOS, I applaud Apple for fixing this quickly and not wait until 10.13.2 to patch it. As someone else said, they admitted their mistake, owned up to it and fixed it. Now let's move along.
Given how easy to exploit this bug is, it sure needed to be...
Until now, I didn't even know MacOS has a restartless mechanism for quick security updates. Clearly Apple anticipated a fix like this being necessary in advance
I believe the setting is there in Sys Preferences, App Store:
"Install system data files and security updates"
Doesn’t matter, we the consumers used to enjoy high quality products from Apple. We the consumers shouldn’t be a part of the OS testing.
Still hasnt shown up for my 4,1->5,1 MacPro with 10.13.1.
It did trigger on my 2010 MacBook, and MacBook Pro I have at work.
It did trigger on my 2010 MacBook, and MacBook Pro I have at work.
Makes you wonder if there might be some moles working in Apple's software engineering.
To be fair Apple have responded very quickly. I know it shouldn’t of happened but they have responded really well. There will of course be the usual doom and gloom comments but I applaud Apple for quickly responding and probably working through the night to get it fixed.
It wasn't. It was set to disabled. That should have been the end of it, but for an incorrect check in validation.
More secure than no password is a secure password. But much more secure than that is no user.
[doublepost=1511976522][/doublepost]
I'm not sure that's a good thing. Developers are humans who need sleep, too. Getting a patch out quickly is not as important as solving the whole problem. But time will tell.
Yes - its what MacOS is supposed to be superior to, and why people buy expensive Mac systems even when much cheaper generic Windows boxes are technically capable of doing the job.
Yes. I hope they're suitably embarrassed.
It probably got exactly the same testing.
I installed the update and already have one major bug identified. There's this big black notchy thing in the center top of my display.
I’m surprised they even let users wait, if there was ever an update that needs to be force-pushed, this is it, especially since it doesn’t require a restart.
Firing good people for bad mistakes they've since learned from is just not smart, even if you discover multiple past mistakes.
They'll still be out there. They still have the same skills, and now they're more cautious. And someone else is benefiting from that experience.
Also, their mistakes are still in the code, and now nobody's around that will suddenly remember those mistakes.