Yeah they should have a beta program or something with a feedback app, then this would’ve been discovered months ago :rolleyes:

Beta program is typically just testing from the user experience and giving feedback on obvious things. It's not the beta ethical hacking program.
Jesus, I said I was going to wait before upgrading for reasons like this... but I wasn't expecting a reason THIS SOON.

By the way, just read the article and apparently details will be released at “his” upcoming event.
 
Apple could save a lot of bad press by just hiring all these people that are constantly finding the holes in their software. :D
DAVE!!!! YOU HAD ONE JOB TO DO!!!
 
This is one of the main reasons I don't DL OS updates on day one. I let it ride about 2-3 weeks to see if anything like this arises. The new features are cool and all, but I don't see a rush to DL immediately.
 
Why don't they do proper testing? A bit embarrassing for a trillion-dollar company.
This is not possible to catch by testing. It's a security vulnerability. All code has vulnerabilities. The full code of Windows is 100GB+, and macOS could be similarly big. That's human-readable code, pure text. It would take several thousand years for a human to read the full code. It's impossible to prevent flaws. Remember that it's a cat-and-mouse game, with hackers being every bit as smart as security experts. It's the same as security elsewhere in the world. If you install unbreakable windows in your house, they're going to demolish your brick wall and still get inside. Even if you build a nuclear-safe bunker, there is someone in the country who would be able to find a way to break into it.
 
Went to the Apple Store. Employees said a workaround is to disable Wi-Fi and not use Ethernet until a patch comes in for the fix.
So the guy found a bug through beta testing and didn't report it to Apple, then when the bug isn't fixed in GM (because he never reported it) he posts a video with stupid music and calls it a 0day exploit. What a ****.

And then pokes fun at Apple for not having a bug bounty program for macOS. Not everyone expects to get paid for reporting bugs.
 
God forbid they don't meet all your expectations on this free product.
It's not free just because Apple stopped charging a separate fee for software. Every time someone buys a Mac, they are still paying for hardware + software.

The privilege escalation vulnerability in last year's High Sierra release was a huge embarrassment and could have been found with some simple testing. But it's also unreasonable to expect an OS to be completely bug-free.
 
Too bad Apple doesn't have a bug bounty program for MacOS.

I guess they don't have the budget for such a program.

Apple products don't have bugs, they are flawless!
I contacted Apple support a few days ago to report a bug related to Bluetooth keyboard connectivity. They didn't accept that it's a Mac bug. They forced me to reset a bunch of things, do a clean macOS install, and ask for a keyboard replacement. None helped.
 
I think I'll wait a while before updating my MBP and wait for more info.

As a professional security researcher, this is entirely inappropriate. He should have contacted Apple during the beta release cycle and gotten it fixed. If Apple needs more time to fix it, and is aware of the issue, then you keep the vulnerability under wraps so that other hackers do not exploit your vulnerability while it has no fix.

The only reason to publish a vulnerability with no fix is if the vendor WILL NOT FIX the vulnerability. I doubt that is the case here. This Wardle is seeking attention, and should be looked down upon.

See the guys listed here? These are the true professionals, they did it right.

https://support.apple.com/en-us/HT209139
I agree with you and why is Wardle waiting until November to share technical details?
Sounds like it's his way of "protesting" the fact that Apple doesn't have a bug bounty program for MacOS. Meh
Maybe Apple shouldn't have public or developer betas then if people like this are going to use them to find exploits, not report them, and then cause a big media frenzy about security bugs on release day... Completely abusing the privilege.