Rixstep

Oops, Apple!

Script-kiddie-easy root exploit of macOS 10.13.1 High Sierra forces Apple to force fast update.



CUPERTINO (Rixstep) — It was bound to happen sooner or later, wasn't it. At any rate: it did. Apple's latest macOS had a very very bad bug. A bug which led to script-kiddie-easy conquest of the entire system.

Start with the report from these guys - it's pretty thorough:



'In case you haven't heard the news, there is a massive security flaw which affects the latest version of macOS (High Sierra)...'

This all happened very fast. And the good news is your system is automatically updated - quite the feat, all things considered.

The Mitre run-down can be found here.



Beeb asked if Apple got sloppy.



'Just use "root" as a username, leave the password field blank, and hit "Enter" a few times.'

Even the Daily Mail got involved.

The Mail piece also includes a sidebar called 'HOW TO FIX IT', but this should be redundant. They do however point out something that may not occur to everyone:

'To exploit the bug, a hacker would need to have physical access to a vulnerable Mac when a user is logged on to the computer.'

Even if true, it's pretty serious, and warranted the measure taken by Cupertino.

Some pundits have asked if Apple can really afford bugs like this and/or trying to survive without a dedicated macOS team.

The technical answer should be obvious.

See Also
Slate: This Security Flaw Was So Dire...
Apple: About the security content of Security Update 2017-001

Copyright © Rixstep. All rights reserved.