Re: Updated to High Sierra, all Admin accounts now Standard
Level 1 (0 points)
Oh my god that should not work but it does. This is really REALLY bad. Some bug in authentication is ENABLING root with no password the first time it fails!
Re: Updated to High Sierra, all Admin accounts now Standard
Aaaand it’s all over Twitter, Reddit , and hacker news. Guess someone else either discovered it or they found this thread.
Yup, that post from Chethan177 does exist on an Apple Developers' Forum, cynwoody. . . but if you read all of the rest of the 225 posts related to the original post, which I have, it was in an essentially finished topic thread from a Developer named Taylor E posting seeking help back on June 8, 2017, almost six months ago, when Taylor E, it turns out, had somehow gotten his Admin User's credentials fouled up.
Apple employees would never have seen this comment by Chethan177, unless some member of the forum actually reported it.
Why is that?
There are literally thousands of these topic posts on Apple Developers' Forums, Cynwoody. Thousands. These particular Apple Developers' Forums are not-moderated-by-Apple forums, meaning Apple pays no attention to them. They are for independent Apple developers to provide community help for each other without Apple employee input. They're intended for the community of independent developers to provide assistance to other Apple developers who run into problems utilizing the experience and knowledge of other developers willing to share solutions. The reason Apple does not even look at it is due to legal liability where developers may be working independently on something Apple itself may also be also developing in house.
Chethan177, not noticing that Taylor E's problem had long since been resolved, posted his comment and suggestions three nested comments deep two weeks ago. In fact, Cynwoody, until yesterday, Chethan177's comment of November 13, 2017, WAS THE LAST COMMENT IN THE THREAD! All following comments relative to Chethan177's were made after November 28th when someone made a search of Apple forums for anything related to Root access.
Yesterday, on November 28th, after the Root Exploit had been exposed to the world, CoyoteDen jumped in. . . which was BEFORE it was first a topic on Reddit.
Chethan177 later says that he was totally unaware that it was a Root exploit, but he merely thought it allowed access to the Admin user, until the other commenters point it out to him There were a couple shocked comments by others starting on November 28, 2017, that it allowed Root access and shouldn't. But no one commented contemporaneously that Apple should have been notified because no one commented on Chethan177's comment at the bottom of the thread because the evidence shows that essentially NO ONE READ HIS COMMENT before November 28th.
There were no contemporary comments made right after Chethan177's original posting on November 13, 2017.
I think they are ALL forgetting that this particular set of forums were NOT moderated or even read by Apple, and figured Apple should have jumped on it. . . but since it was not moderated or even visited, it was not.
CoyoteDen (Nov 28, 2017 6:31 PM): Aaaand it’s all over Twitter, Reddit, and hacker news. Guess someone else either discovered it or they found this thread.
If you notice, the REST of the comment about it being on Twitter, Reddit, and hacker news were all made YESTERDAY, on November 28, 2017. . . because that's when even THEY noticed this. Someone went and did a search of the Apple Forums for any comments on this and found it. . . so, no, it was NOT all over any of these forums before yesterday when it was formally discovered.