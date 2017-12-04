Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 


Apple Snafu Means Updating To macOS 10.13.1 Could Reactivate Root Access Bug (betanews.com) 16

Mark Wilson writes: A few days ago, a serious security flaw with macOS High Sierra came to light. It was discovered that it was possible to log into the 'root' account without entering a password, and -- although the company seemed to have been alerted to the issue a couple of weeks back -- praise was heaped on Apple for pushing a fix out of the door quickly. But calm those celebrations. It now transpires that the bug fix has a bug of its own. Upgrade to macOS 10.13.1 and you could well find that the patch is undone. Slow hand clap.

  • "My slowclap processor made it into this thing." -GLaDOS

  • This is definitely huge blunder, but a SNAFU? Because it stands for "Situation Normal - All Fucked Up" and implies something happens all the time, which is not the case here. Sure, the FaceID debacle happened relatively recently, but these kinds of security fuck-ups are a regular thing even for Apple.

    Oh and before someone starts compiling a list of security screw-ups going back to the 80s, one or two legitimate screw-ups every few years are hardly "situation normal" type scenario.

      it wasn't about the facts, it was about supplementing the headline with some clickbait

      This is definitely huge blunder, but a SNAFU? Because it stands for "Situation Normal - All Fucked Up" and implies something happens all the time, which is not the case here.

      That's the origin, all right; however, since surfacing in WWII it's morphed from an acronym to a noun that means "a badly confused or ridiculously muddled situation". Seems appropriate in this case.

    must have done the fixed in between emoji design meetings.

  • This for Apple is what the burning batteries was for Samsung.

    You're pretty much guaranteed to make a major snafu every once in a while if you're a big tech company. The scary thing is when a snafu occurs when controlling a power plant, or a weapons system, or something that could be used as a weapon.

    As long as it's just phones and laptops we're OK.

    Of course if you upgrade to 10.13.1 it will remove the patch, the patch doesn't exist in that version and it is a full update, not a delta. Shortly after the upgrade it will download and apply the patch to 10.13.1.

  • And then within 24 hours Security Update 2017-001 is auto applied if not manually done so earlier.

    • So that 24 hour window is no problem.

      Are there any third-party web-pages that are out there with links, recommending 'upgrade to the new MacOS 10.13.1' that have ads displayed on them? I would like to purchase some ads.

  • Not sure who this "Root" guy is, but I always login with my iCloud username. Everyone knows iCloud is safe.

