Updated 11:30am EST to include Apple's software update to fix the problem. I don't know if I should laugh or cry." Corrected 11:30pm EST to note that the short term fix for High Sierra's security flaw is to set a root password, not to either set that password or disable root access, as this article had originally stated. "It's crazy these kinds of bugs keep blowing up. Maybe this is something that will encourage them to go down that path," Wardle says. Apple does have a bug bounty, but only for iOS, not MacOS. Wardle argues that those flaws might have been caught earlier if Apple offered a "bug bounty" for information about security vulnerabilities in its desktop software, just as most other companies do. And another shocking bug showed the user's password as a password hint when they try to unlock an encrypted partition on their machine known as an APFS container. On the day the operating system launched, Wardle found that malicious code running on the operating system could steal the contents of its keychain without a password. The face-palm worthy bug is only the latest in a disturbing series that have plagued High Sierra. And I saw the security issue with my eyes. macOS Sierra and Windows 10 are both mature, powerful, easy-to-use operating systems, but macOS holds the edge when it comes to coherence, convenience, and being pleasurable to use. "They informed me and tried on my machine too. High Sierra's "root" bug was first revealed by Turkish software developer Lemi Orhan Ergin, who says security staff at his company stumbled on the issue while trying to help a user get back into their account. 'This is best, easiest way ever to get root, and Apple has handed it to them on a silver platter.' If you've installed High Sierra and haven't yet updated, you should do it now. But the safest fix is to install Apple's update.
We are auditing our development processes to help prevent this from happening again." Before Apple made that patch available, MalwareBytes' Reed also noted, and other researchers confirm, that it's possible to block the attack simply by setting a password for the root user. "We greatly regret this error and we apologize to all Mac users, both for releasing with this vulnerability and for the concern it has caused. "Security is a top priority for every Apple product, and regrettably we stumbled with this release of macOS," the company said in a statement. "This was addressed with improved credential validation." "A logic error existed in the validation of credentials," Apple's update reads. Why publish an article advocating security only to tell people to run off and google what they should be doing? To have any value or credibility there should have been recommended links published with the article. On Wednesday, about 18 hours after the bug was widely publicized, Apple announced a security update to High Sierra designed to fix the "root" flaw. “Please consult various OS X hardening guides for advice.” they repeat themselves by mentioning the feature again in the Continuity section (why?) Completely missed mentioning the right/control click, Open to launch unsigned apps, rather than having to go into security preferences. The author admits they didn’t have an Apple Watch (so, why are they commenting?) As a result, SCS Computing Facilities (SCSCF) is phasing out software support for all computers running macOS 10.13 High Sierra and will end support on January 31, 2021. Only 2013 and newer Macs (without workarounds) - this article assumes it will just work for everyone. Is macOS High Sierra still secure? In keeping with Apple’s release cycle, we anticipate macOS 10.13 High Sierra will no longer receive security updates starting in January 2021. Unlike newer iOS devices, on macOS you must invoke Siri to have her listen to you.
"Not everybody may be comfortable with having Siri listen in" Sorry, not overly impressed with that one.