Be careful, anyone can enter your Mac this way!

MS has long ceased to be the Dark Side, Apple usurped that role years ago. Even South Park referenced that in their Apple human cent-Ipad episode. And it wasn't exactly a secret that the only reason Apple had fewer security scares was because its market share was so much smaller. Appletards even proudly said so. Of course they forgot that the more people started using Apple, the more interesting they became to criminal hackers.

But I don't think MS has stopped being the Dark Side. They're still evil, it's just that Apple has dethroned them as the reigning Dark Lord of the Sith. Which is the nature of the Dark Side. In the end there can be only one Master, and the apprentice either kills the Master, or gets killed beforehand.
 
Not "anyone" ...

"So, anybody who has physical access to your Mac or can get through via screen sharing, VNC, or remote desktop, and enters "root" and hits login repeatedly, can gain complete access to the machine."

Thanks for the heads up. I don't understand all the drama you try to evolve though. All that PC vs Mac nonsense was already old a decade ago.

As long as there are any "computers" there will be security risks ... some large ... some small ... every time new OSes and software are released.
 
Not "anyone" ...

"So, anybody who has physical access to your Mac or can get through via screen sharing, VNC, or remote desktop, and enters "root" and hits login repeatedly, can gain complete access to the machine."

Thanks for the heads up. I don't understand all the drama you try to evolve though. All that PC vs Mac nonsense was already old a decade ago.

As long as there are any "computers" there will be security risks ... some large ... some small ... every time new OSes and software are released.
No drama, we just don't need 2 computer OSes, it just complexifies the world.
And macOS development is a pain, so it has to die.
 
Not "anyone" ...

"So, anybody who has physical access to your Mac or can get through via screen sharing, VNC, or remote desktop, and enters "root" and hits login repeatedly, can gain complete access to the machine."

It's a Linux kernel, so someone may be able to gain access via Telnet or SSH as well.
 
All that PC vs Mac nonsense was already old a decade ago.

I can't speak for the OP, but personally I'll admit to a sense of schadenfreude. Because for years the Apple fanboys (by that I mean the loud obnoxious preachy ones, not the average users) were always going on about how Apple OSX was so much more secure than Windows. And I know a really obnoxious preachy Apple fanboy in real life. So this... kinda gives me a warm tingly feeling. It's bad, I admit it, but I still get a warm tingly feeling.
 
I can't speak for the OP, but personally I'll admit to a sense of schadenfreude. Because for years the Apple fanboys (by that I mean the loud obnoxious preachy ones, not the average users) were always going on about how Apple OSX was so much more secure than Windows. And I know a really obnoxious preachy Apple fanboy in real life. So this... kinda gives me a warm tingly feeling. It's bad, I admit it, but I still get a warm tingly feeling.
+1
 
Edit: official patch from Apple is now available here: https://support.apple.com/en-us/HT208315

Apple QA has gone to shit.

Run this to set a random password on your root account and close the exploit hole. You DO NOT need to know root’s password on your OS X box.

Code:
cat /dev/urandom | env LC_CTYPE=C tr -dc a-zA-Z0-9 | head -c 60 | xargs -I rootpw sudo dscl . -passwd /Users/root rootpw

And to be clear: you have to have ssh or screen sharing (via the built-in VNC server) enabled AND have a public IP for this to be exploitable. Default OS X settings have those sharing settings off in System Preferences so the first thing is false. And if you’re on your home router it’s unlikely the second thing is true.
 
And to be clear: you have to have ssh or screen sharing (via the built-in VNC server) enabled AND have a public IP for this to be exploitable. Default OS X settings have those sharing settings off in System Preferences so the first thing is false. And if you’re on your home router it’s unlikely the second thing is true.
Yes but you could also receive a virus by email or downloading something, a very simple virus that would get the root access and erase/infect everything...
 
This is not likely. You need physical or remote access to the Mac, a valid account (or the use of one) and access to the user/groups GUI. Set a root password and you will be ok until a patch is released (which Apple says is forthcoming).
 
But the problem with Apple's policy is that you have neither the freedom you get in Windows nor, now, the security...
 
Obviously you don't like Macs. That's cool. I work in cyber security and while my preference is Linux, I would still take a Mac any day over Windows. Every second Tuesday of the month we have to review and roll out Microsoft Security patches. Is this major for Apple? YES. I am shocked but in the end it is what appears to be a buffer overflow and I will bet that it boils down to bad error handling in the dialog box code. It's all about the code IMO.
 
Yes but you could also receive a virus by email or downloading something, a very simple virus that would get the root access and erase/infect everything...
Again, only possible if sshd or VNC was enabled, which by default it is not, AND you executed the malicious code. Lots of things need to line up for this to be exploited.

Still stupid but let’s not overinflate the risk. Take a deep breath, quell your dislike for OS X and Apple, and try to look at it rationally.

Anyone who claims any large piece of software is completely secure is just looking to get owned. Safe, secure software is nigh impossible to write. There's deserved egg on their face if someone thought OS X would never have a serious security vulnerability like this.

Apple's failure to keep a decent bug bounty and reporting system up and running for its software is really not helping here. The exploit could have been reported two weeks ago but Apple makes it all but impossible to get in touch with them in any way that isn't just a black hole. Throwing public RADARs into the developer bug reporting system is an exercise in futility.

iOS 11... don't get me started on all the shit they broke in that massive rewrite...
 
I'd much rather the occasional macOS/iOS security issue than the constant river of trash that is the security updates for Windows. You can tell me how much better it is now or whatever but I've been hurt too many times in the past to believe it. "I love you baby no shit I'm gonna change you'll see". Yeah, right.
 
@h.c.e. I think it's worth discussion. It's a pretty gross bug. They forked this BSD code to hook in keychain and opendirectory support so it was on them to make sure the forked code was well-tested; clearly they didn't do that. Good lesson not to fork the really important shit. :)
 
Obviously you don't like Macs. That's cool. I work in cyber security and while my preference is Linux, I would still take a Mac any day over Windows. Every second Tuesday of the month we have to review and roll out Microsoft Security patches. Is this major for Apple? YES. I am shocked but in the end it is what appears to be a buffer overflow and I will bet that it boils down to bad error handling in the dialog box code. It's all about the code IMO.
I'd much rather the occasional macOS/iOS security issue than the constant river of trash that is the security updates for Windows. You can tell me how much better it is now or whatever but I've been hurt too many times in the past to believe it. "I love you baby no **** I'm gonna change you'll see". Yeah, right.
Never experienced any problem on Windows in more than 20 years of use.
I experience big problems each time Apple releases a new iOS version.
 