Posted on 11/29/2017 3:49:52 PM PST by Swordmaker
No problem. . . such stupidity is always a disappointment when we expect better from Apple.
Are you trying to 'splain something to me?
The bare-faced fact is, AAPL f-ed up.
Yep. There was a two-week hang-fire before the zero-day went off.
But I highly doubt it was someone searching for root access. Plainly, it was someone who chanced on the thread and realized, WTF‽
Indeed.
When I 1st read the alert I thought it required someone sitting at the device. I typed “root” in one time to see the result and it didn't work so I waited a day and saw your post. Searched for the update and saw it. You were ahead of the curve on this one fer sure and thanks.
Not really. I was just taking the opportunity to share my exploration of the facts I discovered when everyone else is claiming that "obviously Apple has had this exploit for at least two weeks before doing anything about it!" meme. When I went to check if that were actually true, I found, no, it wasn't.
They were building a mountain out of a non-existent molehill from this LAST COMMENT in an obscure thread on a forum among thousands that no one, including Apple if you understood the nature of the forum, had looked at since Chethan177 wrote it more than two weeks ago.
The funny thing is that had Chethan177 reported it to Apple, he likely could have claimed a significant bug bounty worth many thousands of dollars, because Apple is paying good money for such bugs now. . . the more egregious the bug, the more they pay. They have paid up to $1 million for really significant bugs in iOS.
Worse - at least the “123456” password is a password - horrendously weak that it is... it’s at least SOMETHING in that field... To allow a bug that opens ROOT access without any password at all is insane...
Thanks for the backstory. I note CoyoteDen is a “Level 1 user with 0 points” who understood the implications of what was uncovered when they saw it.
What are the chances that this is an easy-access exploit that the MacOS developers use routinely when putting together/testing updates and, in this instance, they forgot to “close the door” when that update was wrapped up?
And I want to thank you also for all the work you put into tracking down the truth behind how that angle of the story developed. Would that real journalists did as much and as fast!
That's exactly what I think happened.