[UNPATCHED] Major Apple security flaw grants admin access on macOS High Sierra without password

ItsMitch
14 minutes ago, Dan Castellaneta said:

This sounds intentional for all the wrong reasons.

It is intentional.

 

 


24 minutes ago, Daring said:

Don't worry guys, working as intended!

 

I guess we can close this for not being news. 


7 minutes ago, huilun02 said:

I'm sure @DrMacintosh can explain this login method's existence. You shouldn't worry about having your nudes leaked if your macbook gets stolen. Apple is infallible.

Your last sentence is going to trigger so many people. Be careful. Nothing in security is infallible. There's always a way to break security features and people will find a way to exploit it.

 

Just look at the many ways you can bypass the lockscreen in iOS 11. Granted, they don't provide full access, but they do allow unauthorized access to contacts and photos.


Both iOS 11 and High Sierra seem to have escaped quality control. Granted, this security bug in High Sierra can be prevented by enabling full disk encryption using FileVault.

 

But then, let’s not pretend that other desktop operating systems haven’t experienced this so hopefully Apple releases a software update quickly. Maybe Apple should change their employees who are responsible for testing their software. 


10 minutes ago, hey_yo_ said:

Both iOS 11 and High Sierra seem to have escaped quality control. Granted, this security bug in High Sierra can be prevented by enabling full disk encryption using FileVault.

 

But then, let’s not pretend that other desktop operating systems haven’t experienced this so hopefully Apple releases a software update quickly. Maybe Apple should change their employees who are responsible for testing their software. 

I can't speak for macOS, but iOS 11 is very sloppy. 11.2 fixed some stuff, but it still just feels rushed. They need to stop with the one year cycles of major updates. If anything, it's more like 6 months. Because soon WWDC will roll around and iOS 12 will get unveiled. Seems like the same for macOS as well.


Just now, vetali said:

I can't speak for macOS, but iOS 11 is very sloppy. 11.2 fixed some stuff, but it still just feels rushed. They need to stop with the one year cycles of major updates. If anything, it's more like 6 months. Because soon WWDC will roll around and iOS 12 will get unveiled. Seems like the same for macOS as well.

Whenever Linus says that iOS 11 is awesome on previous WAN show episodes, part of me wants to throw my iPhone because iOS 11 is the dumbest and shittiest iOS release to date. Never before have I ever experienced so many iOS bugs than iOS 11 which makes me question if Craig Federighi has the right staff for software quality control. 


1 hour ago, ARikozuM said:

I guess we can close this for not being news. 

hmm...

Apple released a statement to the press with the following about the exploit:

Quote

An Apple spokesperson said in an emailed statement: "We are working on a software update to address this issue. In the meantime, setting a root password prevents unauthorized access to your Mac. To enable the Root User and set a password, please follow the instructions here: https://support.apple.com/en-us/HT204012. If a Root User is already enabled, to ensure a blank password is not set, please follow the instructions from the ‘Change the root password’ section."

more like, "sorry we forgot this shit was in lol, we'll remove it we guess"


4 minutes ago, SC2Mitch said:

hmm...

Apple released a statement to the press with the following about the exploit:

more like, "sorry we forgot this shit was in lol, we'll remove it we guess"

That doesn't make any sense... the problem here is that you can get into the root account with no password by clicking the button a few times.  Telling people "setting a root password prevents unauthorized access to your Mac." is just straight up denying this exploit exists which makes no sense since they acknowledged it just a sentence prior...


Just now, Ryan_Vickers said:

That doesn't make any sense... the problem here is that you can get into the root account with no password by clicking the button a few times.  Telling people "setting a root password prevents unauthorized access to your Mac." is just straight up denying this exploit exists which makes no sense since they acknowledged it just a sentence prior...

Yeah, it's a bit weird, pushing it under the rug maybe?


OP says “thank fuck I don’t own a Mac” 

 

But in order to be affected by this you have to have an unattended Mac or had one stolen and even know what the hell the root user is in MacOS. 

 

That being said it is a stupid hole and is apparently already being fixed.


Just now, SC2Mitch said:

Yeah, it's a bit weird, pushing it under the rug maybe?

I can't imagine what they mean by that.  It's like if someone broke into your house and the lock company told you "well, we'll look into that but locking your doors prevents unauthorized access to your home".  Like, what? xD


19 minutes ago, hey_yo_ said:

Whenever Linus says that iOS 11 is awesome on previous WAN show episodes, part of me wants to throw my iPhone because iOS 11 is the dumbest and shittiest iOS release to date. Never before have I ever experienced so many iOS bugs than iOS 11 which makes me question if Craig Federighi has the right staff for software quality control. 

Should probably Restore. 

 

On iOS 11.1.2 with an iPhone 6s Plus and the only issue so far is that screenshots don’t always upload to iCloud and save locally when I want to send them in a messaging app. 


25 minutes ago, hey_yo_ said:

Whenever Linus says that iOS 11 is awesome on previous WAN show episodes, part of me wants to throw my iPhone because iOS 11 is the dumbest and shittiest iOS release to date. Never before have I ever experienced so many iOS bugs than iOS 11 which makes me question if Craig Federighi has the right staff for software quality control. 

Yeah I thought that as well when Linus said that. And he said that way back when it was first released. Luckily my biggest issue was fixed: it completely destroying battery life on my 6s and 8 plus. I also dunno what apple did, but predictive text is completely garbage now. I use the default apple keyboard because nobody has really replicated the 3d touch to move your cursor freely in the textbox as well as the apple keyboard. Used to be good enough in 10. Now it's almost unbearable.


3 minutes ago, vetali said:

predictive text is completely garbage now.

Often with restores or updates the predictive text AI is reset, you have to use it for it to know what you might want to type.

 

For me the only change I have noticed is that it randomly duplicates words when it corrects misspelled ones. 


4 minutes ago, vetali said:

I use the default apple keyboard because nobody has really replicated the 3d touch to move your cursor freely in the textbox as well as the apple keyboard.

I haven't used the stock Apple keyboard in quite a long time, but Gboard has implemented the force touch to move the cursor as well as being able to move the cursor by sliding on the spacebar and it works well imo.


1 hour ago, djdwosk97 said:

I haven't used the stock Apple keyboard in quite a long time, but Gboard has implemented the force touch to move the cursor as well as being able to move the cursor by sliding on the spacebar and it works well imo.

Gboard's cursor movement is a ghetto knock-off of Apple's. It's much worse.


5 minutes ago, vetali said:

Gboard's cursor movement is a ghetto knock-off of Apple's. It's much worse.

You tempted me, I checked it out and it is significantly better. The lack of swype and the worse prediction is a dealbreaker for me though, as much as I do like the better cursor navigation. 


3 hours ago, hey_yo_ said:

Both iOS 11 and High Sierra seem to have escaped quality control.

rumor says both of the OS aren't "fully baked" yet... but apple rushes to put them out because it has to be a yearly thingy.... a.k.a the October iphone release event


6 minutes ago, mrchow19910319 said:

rumor says both of the OS aren't "fully baked" yet... but apple rushes to put them out because it has to be a yearly thingy.... a.k.a the October iphone release event

For a company known to excel in optimizing software with existing hardware, they're starting to falter on that aspect.


23 minutes ago, hey_yo_ said:

For a company known to excel in optimizing software with existing hardware, they're starting to falter on that aspect.

as much as I love apple, you are absolutely right. I never thought one day macOS will cause me this much trouble. went to apple store more than 3 times just to "set everything right" and I am tech savvy enough to try all the solutions I can find online as well as all the solutions apple support recommended me. and the OS is STILL having small issues here and there right now.....

 

welp.....no 1st day update from now on... 


9 minutes ago, mrchow19910319 said:

as much as I love apple, you are absolutely right. I never thought one day macOS will cause me this much trouble. went to apple store more than 3 times just to "set everything right" and I am tech savvy enough to try all the solutions I can find online as well as all the solutions apple support recommended me. and the OS is STILL having small issues here and there right now.....

 

welp.....no 1st day update from now on... 

Maybe Apple needs to fire both Jony Ive for weird, asymmetrical designs and Craig Federighi for too many software bugs on iOS and macOS.


22 minutes ago, mrchow19910319 said:

as much as I love apple, you are absolutely right. I never thought one day macOS will cause me this much trouble. went to apple store more than 3 times just to "set everything right" and I am tech savvy enough to try all the solutions I can find online as well as all the solutions apple support recommended me. and the OS is STILL having small issues here and there right now.....

 

welp.....no 1st day update from now on... 

What kind of bugs? I'm still running El Capitan because I've been too lazy to upgrade to Sierra and then High Sierra.....but I was going to get around to it sooner or later.


50 minutes ago, djdwosk97 said:

What kind of bugs? I'm still running El Capitan because I've been too lazy to upgrade to Sierra and then High Sierra.....but I was going to get around to it sooner or later.

Disclaimer: not everyone runs into these kinds of bugs... this is just an individual thing.

 

1 hour ago, hey_yo_ said:

Maybe Apple needs to fire both Jony Ive for weird, asymmetrical designs and Craig Federighi for too many software bugs on iOS and macOS.

I don't give a shit about Jony Ive. But personally I really like Craig Federighi. At least he is more authentic and energetic whenever he is on stage.


Stupid vulnerability but it seems kinda familiar. Didn't Linux have something similar some months back? Something with repeating a certain action like 17 times giving full access? Although it does seem like in Apple's case it was almost intentional.

 

Also, is the root 'account' always enabled? If I recall on Windows you need to enable it yourself and on Linux you're prompted/supposed to change the root password.
