Posted on 11/28/2017 2:59:34 PM PST by grey_whiskers
Update: Apple has acknowledged the issue and is working on it. Statement and workaround below.
Wow, this is a bad one. On Macs running the latest version of High Sierra 10.13.1 (17B48) it appears that anyone can log in just by putting root in the user name field. This is a huge, huge problem. Apple will fix it probably within hours, but holy moly. Do not leave your Mac unattended until this is resolved.
The bug is most easily accessed by going to Preferences and then entering one of the panels that has a lock in the lower left-hand corner. Normally youd click that to enter your user name and password, which are required to change important settings like those in Security & Privacy.
(Excerpt) Read more at techcrunch.com ...
Apple releasing a patch doesn’t make this a non issue. What about offline machines that installed the first update?
Also does Apple force all machines to take the update?
It's fun to watch you dancing around like a flibberty-gibbit. Keep it up, it's hilarious.
You've accused dayglored of being an Apple fanboi on this thread. He is NOT. dayglored is the manager of the WINDOWS PING LIST on FreeRepublic. . . but you paint him as an Apple USING FANBOI. That is not the case. He is a Windows user as well as secondarily an Apple user. . . but he is not by any stretch of the imagination an Apple fanboi as you have attempted to paint him.
He said those words to you in a very polite manner. I am much more polite to you than you are in return, but you choose to use insulting language and sling slurs in Apple threads and toss around untruths and long proved statements you know are lies just to disrupt the threads. Your purpose in the threads is to be unpleasant and to be rude to Apple users. You succeed.
Close, but no cigar...
Sounds like they’ve been hiring ex router programmers...
OK, now *that* was funny...
Where did I say he was an apple fan boy?
In other words no apple hasn’t addressed those scenarios.
Don't you ever get tired of doing your foolish idiot dance? If you'd give it a rest you might have time to pay attention to facts instead of posting false statement with poor grammar.
Apple said it released a patch to fix the bug on Wednesday morning and it would be automatically installed on vulnerable machines later in the day.
The problem is fixed. Apple pushed out a signed automatic installing security update this morning. It requires no restart. . . yet here you are making your asinine baseless accusations, again.
Did you, or did you not call dayglored a liar intending him to be among an all inclusive "Fanbois" you were attacking in general who you always accuse of lying in Apple threads when they counter your anti-Apple comments? Or were you accusing dayglored of ALWAYS lying when he posts anything to you? Which is it? Not seemed to be pretty general to me.
I never called him am apple fan boy. Like you claimed.
Including offline machines? Wow. How does Apple breach the air gap?
We’re all “on the side of security”. Duh.
You remind me of Tom Lehrer’s “Folk Song Army”:
“It takes a certain amount of courage
to get up in a coffee house or a college auditorium and come out
in favor of the things that everybody else in the audience is against,
like peace and justice and brotherhood and so on.”
and
“We are the folk song army,
Every one of us cares.
We all hate poverty, war, and injustice
Unlike the rest of you squares.”
Now, if anyone is not on the “Apple fanboy” side, it’s dayglored. He is to Windows what Swordmaker is to Apple. You might want to listen to him when he gives you “shut up now for your own good” advice.
If we have to explain that one to you, you’re just being wantonly antagonistic.
He is not to windows as swordmaker is to Apple. He’s much more not aligned to either. Just because he begrudgingly took on the windows ping last does not make him a windows fanboy as swordmaker is an apple fanboy.
So you disagree with dayglored.
Yes, I disagree with dayglored in this rare minor instance. . . 60,000,000 Macs in the wild back then was not obscure, and never was, no matter what dayglored might think of that number. At least I have the courtesy to put him in the address field when I mention him in the post, which you don't.
Dayglored is, however, quite correct that OSX and now macOS, its successor, have been built from the ground up with security in mind starting from a solid foundation built on UNIX, and in fact they ARE the most popular sold trademarked UNIX sold in the world today. . . but there is not much more malware out there in the wild that impacts it today than there was ten years ago, and even then it's easily avoided and removed.
Ten years ago there were about 60 Trojans in just five Trojan families, while now there are less than three times that number now in eight Trojan families, and every one of them is identifiable and included in the built-in protectionswhich are updated dailyprovided by the operating system.
There are still ZERO self-propagating, self-replicating, self-installing true viable computer viruses for Apple OSX/macOS in the wild, or even ever been presented in the lab, which has been the case in the two decades Apple's OS has been in the wild. That is quite a record of security. That is not a amazingly small number of security threats compared to the literally millions of malware that exist in the Windows environment. Yet YOU dance and scamper about claiming non-existent dire danger for Apple users due to some perceived problems you think exist that every Apple user is too stupid to see.
Dayglored cut you much more slack and gave your specious evidence-less "security through obscurity" claims more of a hearing than I am willing to provide after way too many years of hearing more-and-more sack-cloth and ashes of Apple is doomed to follow Windows into a morass of malware, and it NEVER HAPPENING.
Other than what I've responded above, I'm not going to dance with you on this issue in your attempts to start a war, Pipsqueak. You are fading to a mere flea.
How do we breach the intelligence gap in your brain, Pipsqueak?
These offline machines have intelligent Apple Mac users who can install any needed patch in the same way they somehow succeeded in installing the macOS 10.13.1 High Sierra update. . . most likely by connecting the computer to a WIFI network.
WOW! Pretty soon we are going to need a magnifying glass to see your antics.
Shop all offline macs are only used by intelligent users. Wow. I guess you don’t run yours offline then.
Or the jealous spouse who took advantage of this to get on their spouses Mac while it’s been off.
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.