Date: 2017-12-04
Apple Snafu Means Updating To macOS 10.13.1 Could Reactivate Root Access Bug (betanews.com)
Mark Wilson writes: A few days ago, a serious security flaw with macOS High Sierra came to light. It was discovered that it was possible to log into the 'root' account without entering a password, and -- although the company seemed to have been alerted to the issue a couple of weeks back -- praise was heaped on Apple for pushing a fix out of the door quickly. But calm those celebrations. It now transpires that the bug fix has a bug of its own. Upgrade to macOS 10.13.1 and you could well find that the patch is undone. Slow hand clap.
Oh and before someone starts compiling a list of security screw-ups going back to the 80s, one or two legitimate screw-ups every few years are hardly a "situation normal" type scenario.
It wasn't about the facts, it was about supplementing the headline with some clickbait.
This is definitely a huge blunder, but a SNAFU? Because it stands for "Situation Normal - All Fucked Up" and implies something happens all the time, which is not the case here.
That's the origin, all right; however, since surfacing in WWII it's morphed from an acronym to a noun that means "a badly confused or ridiculously muddled situation". Seems appropriate in this case.
There is a hatred of Apple; actually, there is a bigger set of tribalism in general in our communities. Slashdot being a strong Linux tribe, this means Microsoft and Apple, which are not Linux systems, will get hate.
Linux being free and open source, there is a general tribal dislike of capitalism and large companies.
So Microsoft is the worst: not Linux, big company, closed source, not based on open standards.
Then Apple (iOS and OSX are based on Unix, which has similar standard to Linux) is slightly be
I see each operating system as being the best for specific scenarios:
- macOS for desktop (no need to worry about KDE vs Gnome, ALSA vs whatever, etc).
- Linux/BSD for servers (from the smallest to the biggest).
- Windows for gaming and enterprise users.
Absolutely fits. Not just for OS X and iOS where even the first point release is still too buggy to bother with on a new version, but also for their products in general where they pretend major flaws like swelling batteries don't exist.
This is definitely a huge blunder, but a SNAFU? Because it stands for "Situation Normal - All Fucked Up" and implies something happens all the time, which is not the case here. Sure, the FaceID debacle happened relatively recently, but these kinds of security fuck-ups are a regular thing even for Apple.
Situation normal whataboutism runs rampant.
The same people who seem to have Stockholm syndrome about their Windows machines' problems will suffer premature ejaculation over a Mac problem.
Having both OSs, this issue notwithstanding, MacOS is a lot safer.
Now I do have a few issues with High Sierra, the ease with which you could encrypt an external drive like say a thumbdrive has changed from utter simplicity to a major "What the flaming hell?" is one, but compared with the Windows 10 update mess, wh
Non story (Score:1)
Of course if you upgrade to 10.13.1 it will remove the patch, the patch doesn't exist in that version and it is a full update, not a delta. Shortly after the upgrade it will download and apply the patch to 10.13.1.
That does create a window of opportunity. It's a window that could be detected by many external firewalls, which monitor web traffic as a matter of course and could detect the Apple update download.
Isn't the "work around" to just have a root password (which there should be anyway)?
And then the patch is re-applied (Score:2)
And then within 24 hours Security Update 2017-001 is auto applied if not manually done so earlier.
So that 24 hour window is no problem.
Are there any third-party web-pages that are out there with links, recommending 'upgrade to the new MacOS 10.13.1' that have ads displayed on them? I would like to purchase some ads.
Big deal (Score:4, Funny)
Just stop nagging to upgrade please (Score:2)
I would like Apple to stop nagging me to upgrade to High Sierra via notifications. I am deathly afraid of clicking by accident. It is seldom that a Mac operating system upgrade soon after its launch goes well for the hapless end user. I'm sure I will do it some time, after I feel really good about my backup system and have no critical business scheduled. But when I invested in this MacBook Pro I felt it would last me 5-10 years as-is. Something closer to ZFS is great but not worth the aggravation that the A
Re: (Score:3)
I am deathly afraid of clicking by accident
You are easily frightened. If you click on most of it, it will launch the app store and show you a big banner telling you how awesome Apple thinks High Sierra is. If you click on the 'later' button, it will go away and bug you later. If you click on the 'install' button, it will launch the installer, which will then give you an option to cancel the installation. Which one of these possible outcomes causes a reaction of deathly fear?
Not the biggest issue with 10.13 (Score:2)
I had a customer with an older Macbook Pro, for whom updating to 10.13 overwrote her boot partition with the 10.13 recovery partition - then froze dead in its tracks leaving the laptop unbootable. All her files that weren't overwritten had to be recovered by signature through Photorec.
I put in a brand new hard drive (the drive was starting to fail), and installed Sierra. Updating to 10.13 (High Sierra) did the same thing again.
Only resetting the PRAM solved it. I can't really even make sense of why that
"We need a patch by COB today!" (Score:2)
So, what you're saying is that when you rush out a patch, the development and QA processes suffer? The hell you say. No one could have predicted *that*.
Sometimes you have to say "Make it work for the most common case *now* and we'll pick up anything we missed later."