Posted on 11/29/2017 3:49:52 PM PST by Swordmaker
“Apple Inc said on Wednesday it would review its software development process a day after a researcher discovered a bug in a new version of its Mac operating system that could give hackers total control of vulnerable machines,” Stephen Nellis reports for Reuters. “Apple said it released a patch to fix the bug on Wednesday morning and it would be automatically installed on vulnerable machines later in the day.”
“‘We greatly regret this error and we apologize to all Mac users,’ Apple said in a statement. ‘Our customers deserve better. We are auditing our development processes to help prevent this from happening again,’” Nellis reports. “The U.S. and German governments issued alerts advising Mac users to install the patch.”
“Apple said its security engineers learned of the problem on Tuesday afternoon and posted the patch within 24 hours,” Nellis reports. “‘Security is a top priority for every Apple product, and regrettably we stumbled with this release of Mac OS,’ Apple said in its statement.”
MacDailyNews Take: Perhaps this latest snafu has finally been the wake up call Apple needed.
We trust Apple to stay true to their word and expect them to up their game (not just in software, but across the board) which, in recent years, simply has not measured up to the fastidious level of excellence set and maintained for so long by Steve Jobs.
“Be a yardstick of quality. Some people aren’t used to an environment where excellence is expected.” - Steve Jobs
No problem. . . such stupidity is always a disappointment when we expect better from Apple.
Are you trying to 'splain something to me?
The bare-faced fact is, AAPL f-ed up.
Yep. There was a two-week hang-fire before the zero-day went off.
But I highly doubt it was someone searching for root access. Plainly, it was someone who chanced on the thread and realized, WTF‽
Indeed.
When I 1st read the alert I thought it required someone sitting at the device. I typed “root” in one time to see the result and it didn’t work so I waited a day and saw your post. Searched for the update and saw it. You were ahead of the curve on this one fer sure and thanks.
Not really. I was just taking the opportunity to share my exploration of the facts I discovered when everyone else is claiming that "obviously Apple has had this exploit for at least two weeks before doing anything about it!" meme. When I went to check if that were actually true, I found, no, it wasn't.
They were building a mountain out of a non-existent molehill from this LAST COMMENT in an obscure thread on a forum among thousands that no one, including Apple if you understood the nature of the forum, had looked at since Chethan177 wrote it more than two weeks ago.
The funny thing is that had Chethan177 reported it to Apple, he likely could have claimed a significant bug bounty worth many thousands of dollars, because Apple is paying good money for such bugs now. . . the more egregious the bug, the more they pay. They have paid up to $1 million for really significant bugs in iOS.
Worse - at least the “123456” password is a password - horrendously weak that it is... it’s at least SOMETHING in that field... To allow a bug that opens ROOT access without any password at all is insane...
Thanks for the backstory. I note CoyoteDen is a “Level 1 user with 0 points” who understood the implications of what was uncovered when they saw it.
What are the chances that this is an easy-access exploit that the MacOS developers use routinely when putting together/testing updates and, in this instance, they forgot to “close the door” when that update was wrapped up?
And I want to thank you also for all the work you put into tracking down the truth behind how that angle of the story developed. Would that real journalists did as much and as fast!
That's exactly what I think happened.