Posted on 11/29/2017 3:49:52 PM PST by Swordmaker
“Apple Inc said on Wednesday it would review its software development process a day after a researcher discovered a bug in a new version of its Mac operating system that could give hackers total control of vulnerable machines,” Stephen Nellis reports for Reuters. “Apple said it released a patch to fix the bug on Wednesday morning and it would be automatically installed on vulnerable machines later in the day.”
“‘We greatly regret this error and we apologize to all Mac users,’ Apple said in a statement. ‘Our customers deserve better. We are auditing our development processes to help prevent this from happening again,’” Nellis reports. “The U.S. and German governments issued alerts advising Mac users to install the patch.”
“Apple said its security engineers learned of the problem on Tuesday afternoon and posted the patch within 24 hours,” Nellis reports. “‘Security is a top priority for every Apple product, and regrettably we stumbled with this release of Mac OS,’ Apple said in its statement.”
Read more in the full article here.
MacDailyNews Take: Perhaps this latest snafu has finally been the wake up call Apple needed.
We trust Apple to stay true to their word and expect them to up their game (not just in software, but across the board) which, in recent years, simply has not measured up to the fastidious level of excellence set and maintained for so long by Steve Jobs.
Be a yardstick of quality. Some people aren’t used to an environment where excellence is expected. Steve Jobs
Government Deep State API exposed...
Apple chutzpah exposed...
Nope, too obvious.
What’s this mean to me, a regular non-business iMac owner that recently upgraded to the High Sierra 10.13.1?
Don’t know why I do these updates and should stop.
Disregard my last post. I just went in and see the security update availability. Reason for my post was I looked this AM and didn’t see it. It’s there now.
Hacker News discusses the above here.
And it’s amazing how much of upper management never read The Mythical Man-Month.
What’s this mean to me, a regular non-business iMac owner that recently upgraded to the High Sierra 10.13.1?
Don’t know why I do these updates and should stop.
No, don’t stop. In fact if you upgraded to 10.13.1, launch the App Store app and go to the updates section. Apple just released a security patch update to fix this High Sierra security problem.
It seems to be the case with all software as it versions forward; things get fixed and things that were fixed get broken. You want to live with a software release that is pretty current, as a lot of software just won’t run if you’re using an OS that is too old.
On the other hand, you might not want to live right on the very latest release the moment it is released. No matter how much release testing is done, once a new version is released to the public that’s when the real testing begins with the myriad configurations running out in the real world.
Personally, after a major software release, like 10.13, I like to hang back for a few months to see how the release works in the real world. I was almost actually going to make the jump from 10.12.6 to 10.13.1, figuring there had already been the .1 upgrade within 10.13. In this case the .1 upgrade introduced the bug. *sigh*
Thanks I looked this AM and saw no Sec Update and figured it didn’t affect me. Went in just after my post and saw the update and completed it a few minutes ago.
Thanks I looked this AM and saw no Sec Update and figured it didn’t affect me. Went in just after my post and saw the update and completed it a few minutes ago.
Excellent! Now you’re all set.
By the way, the notes on any update will give you a synopsis of what is in the update. The update you just installed was likely labeled recommended security update or words to that effect.
Because the hackers who are out there are not really after the businesses. They are after your computer. . . and the updates always contain more security updates and improvements that keep your computer safe from those hackers than stupid mistakes like this especially idiotic one which really did not put you at all at risk from any of them because it required anyone who wanted to exploit it have physical access to your iMac.
This is on the level of the Adobe Creative Cloud snafu about a year ago, where anything put in the topmost/foremost folder of all folders on your computer disappeared forever after a very short period of time.
A user in my group was panicked as all their latest work (important stuff) was just disappearing.
Found out they simply made a folder labeled something like ‘ LATEST_WORK’ (note the three spaces in front of the spelling) on their Desktop and were putting their latest files there as a quick access. They named it that way so it would always be at the top of any list of folders.
Sure enough, they put files in there and down the “Memory Hole” they went. Literally!
Not knowing WHY it was doing that, I told them to please use another folder and leave that one empty until I could figure out what was wrong and causing it. Shortly after that, Adobe announced the problem, how to identify it, and patched it. Geez.
And now Apple announces that the key to the front door is right under the welcome mat! GAH!!!
That’s like
PASSWORD: 123456
level of bad.
Yup, that post from Chethan177 does exist on an Apple Developers' Forum, cynwoody. . . but if you read all of the rest of the 225 posts related to the original post, which I have, it was in an essentially finished topic thread from a Developer named Taylor E posting seeking help back on June 8, 2017, almost six months ago, when Taylor E, it turns out, had somehow gotten his Admin User's credentials fouled up.
Apple employees would never have seen this comment by Chethan177, unless some member of the forum actually reported it.
Why is that?
There are literally thousands of these topic posts on Apple Developers' Forums, Cynwoody. Thousands. These particular Apple Developers' Forums are not-moderated-by-Apple forums, meaning Apple pays no attention to them. They are for independent Apple developers to provide community help for each other without Apple employee input. They're intended for the community of independent developers to provide assistance to other Apple developers who run into problems utilizing the experience and knowledge of other developers willing to share solutions. The reason Apple does not even look at it is due to legal liability where developers may be working independently on something Apple itself may also be developing in house.
Chethan177, not noticing that Taylor E's problem had long since been resolved, posted his comment and suggestions three nested comments deep two weeks ago. In fact, Cynwoody, until yesterday, Chethan177's comment of November 13, 2017, WAS THE LAST COMMENT IN THE THREAD! All following comments relative to Chethan177's were made after November 28th when someone made a search of Apple forums for anything related to Root access.
Yesterday, on November 28th, after the Root Exploit had been exposed to the world, CoyoteDen jumped in. . . which was BEFORE it was first a topic on Reddit.
Chethan177 later says that he was totally unaware that it was a Root exploit, but he merely thought it allowed access to the Admin user, until the other commenters point it out to him. There were a couple shocked comments by others starting on November 28, 2017, that it allowed Root access and shouldn't. But no one commented contemporaneously that Apple should have been notified because no one commented on Chethan177's comment at the bottom of the thread because the evidence shows that essentially NO ONE READ HIS COMMENT before November 28th.
There were no contemporary comments made right after Chethan177's original posting on November 13, 2017.
I think they are ALL forgetting that this particular set of forums were NOT moderated or even read by Apple, and figured Apple should have jumped on it. . . but since it was not moderated or even visited, it was not.
CoyoteDen (Nov 28, 2017 6:31 PM): Aaaand it's all over Twitter, Reddit, and hacker news. Guess someone else either discovered it or they found this thread.
If you notice, the REST of the comment about it being on Twitter, Reddit, and hacker news were all made YESTERDAY, on November 28, 2017. . . because that's when even THEY noticed this. Someone went and did a search of the Apple Forums for any comments on this and found it. . . so, no, it was NOT all over any of these forums before yesterday when it was formally discovered.