• How quickly — and thoroughly — does Apple fix macOS security holes?

    Home » Forums » Newsletter and Homepage topics » How quickly — and thoroughly — does Apple fix macOS security holes?

    Tags:

    Author
    Topic
    woody
    Manager
    November 29, 2017 at 10:56 am #148378

    You’ve no doubt read about the glaring security hole in macOS High Sierra version 10.13.1, that allows anybody to log in with the “root” account and n
    [See the full post at: How quickly — and thoroughly — does Apple fix macOS security holes?]

    Reply | Quote
    Viewing 8 reply threads
    Author
    Replies
    • PKCano
      Manager
      November 29, 2017 at 11:01 am #148380

      Yep. Just got the security update. And Mac updates don’t break the machine! Nor did it require a reboot!

      PS Mac’s don’t have Patch Tuesdays.

      4 users thanked author for this post.
      woody, Microfix, OscarCP, satrow
      Reply | Quote
    • anonymous
      Guest
      November 29, 2017 at 12:14 pm #148400

      It did surprise me that Apple had a lapse such as this, “root” doesent always spring to mind first but its in a logical thought process of getting to the Root of a drive.

      Thank goodness it wasnt something as obvious as “Admin”  even so I believe typing “root” without entering a password was a glaring omission although I believe if you had already setup a Root Account you were already safe. Long time since I had a Mac OS7-8 I do believe but toying with the idea of getting one in the near future.

      Although am I hearing right Apple intend to depreciate “Boot camp”?

      Yeah I still cant shake that “Windoze” addiction lol 🙂

      Reply | Quote
    • Microfix
      AskWoody MVP
      November 29, 2017 at 12:16 pm #148407

      At least their patches work and rectify the issue without other system anomalies.

      Windows - commercial by definition and now function...
      1 user thanked author for this post.
      Bill C.
      Reply | Quote
    • OscarCP
      Guest
      November 29, 2017 at 12:35 pm #148411

      Thanks Woody and PKCano.

      It is nice to learn that this nasty problem has been taken care already by Apple. After finding the warning in Ask Woody, I have passed it on by email to my colleagues, at places like NASA, to install the patch right away if they are already running High Sierra. All of them have Macs, because they can use the UNIX-like OS directly to do their work, that involves a lot of bespoke scientific and engineering software development, as there is usually no commercial application available for their purpose, so they must write their own. I like that too, for the same reason. Love my ageing Windows 7 PC as well, but the MS writing is now so very much on the wall for it…

      Users of “El Capitan” and plain “Sierra” versions of  Mac Os have close to one or two years left of support before end of life. So there is no urgent need to update to the latest and quite recently available version, High Sierra, in a hurry. Serious bugs and wrinkles are always a possibility when something new like this is first offered.

      Me? I am a systematic late adopter: still use plain old Sierra; and even have a clamshell phone — a new one, that works with the latest “G” standard. I like its small size, sufficient versatility, and use it with great pride, particularly when someone is looking.

       

       

       

      1 user thanked author for this post.
      Noel Carboni
      Reply | Quote
      • PKCano
        Manager
        November 29, 2017 at 12:37 pm #148414

        I know who you are but I have to keep putting your name on it. Please login! (LOL  🙂  )

        Reply | Quote
    • PKCano
      Manager
      November 29, 2017 at 12:41 pm #148416

      Check out some of the informative Topics on MacOS for Windows Wonks

      1 user thanked author for this post.
      woody
      Reply | Quote
    • OscarCP
      Guest
      November 29, 2017 at 4:33 pm #148486

      Dar PKCano,

      Something is still wrong somewhere: I did, and do, login every time and, immediately after that, I have recently been getting the message (in duplicate) that “you are already logged in.”

      Then I go, read the postings,thank some people for theirs using their “Thanks” buttons, and that definitely works. Assuming those buttons are showing, which, right now, they are not.

      But when I try to post something, the record of my logged-in presence seems to vanish.

      Reply | Quote
      • PKCano
        Manager
        November 29, 2017 at 4:38 pm #148495

        Does the button on the right side of the bar at the top say Log in or Log Out?

        Maybe it will all straighten out when we get the Login buttons back in the normal places.

        Reply | Quote
        • woody
          Manager
          November 29, 2017 at 8:52 pm #148525

          It should straighten out. At least, that’s the plan.

          I’m having the same problem, by the way. When I log in, I get a notification that I’m already logged in – even though I wasn’t.

          Reply | Quote
    • DrBonzo
      AskWoody Plus
      November 29, 2017 at 5:53 pm #148502

      Got an email overnight from a friend warning me about the security issue. I immediately checked for updates and there it was. Downloaded and installed in 5 minutes, no reboot required, and life goes on blessedly uneventfully.

      A huge boo-boo for sure, but at least they responded quickly and as near as I can tell correctly. MS would have waited a couple weeks before offering the patch, then let it hang around for a few days before needing to pull it, then issue a new patch with new KB number, all without telling anyone.

      I am curious about another potential security issue, though. A week or so ago Intel announced some issues with their processors, primarily 6th, 7th, and 8th generation Core i processors (some older ones as well). Something about Management Engine problems. Intel’s website mentioned Windows and Linux machines, but said nothing about MACs, some of which do use the 6, 7, and 8th generation Core I processors. Are these MACs vulnerable?

      I know there’s a thread here at askwoody but I didn’t see anything about MAC vulnerability on it.

      Reply | Quote
    • anonymous
      Guest
      November 29, 2017 at 11:51 pm #148558

      Even though I don’t like Apple, even I have to admit, their updates to OS X are at least a lot more stable than Windows updates, and they roll out fixes pretty quickly, unlike Microsoft.

      Reply | Quote
    • b
      AskWoody_MVP
      November 30, 2017 at 10:47 am #148671
      woody wrote:

      the patch … may or may not break the computer.

      True.

      Microfix wrote:

      At least their patches work and rectify the issue without other system anomalies.

      Not so true.

      “The patch that Apple rushed out yesterday to fix the root access flaw in macOS brings with it problems of its own.”
      http://www.zdnet.com/article/apples-patch-for-stupid-root-access-bug-breaks-file-sharing-for-some-but-the-fix-is-easy/

      (Easy for some. Difficult for others.)

      1 user thanked author for this post.
      woody
      Reply | Quote
      • PKCano
        Manager
        November 30, 2017 at 10:55 am #148674

        The patch was reissued this morning.

        We didn’t have to wait till the next Patch Tuesday, or the next, or the next…..

        Reply | Quote
        • b
          AskWoody_MVP
          November 30, 2017 at 12:53 pm #148704

          Where’s the reissued fix?

          Apple’s “Repair” advice doesn’t mention it: https://support.apple.com/en-us/HT208317

          How long did it take Microsoft to fix their last escalation of privilege vulnerability (properly)?

          Reply | Quote
          • PKCano
            Manager
            November 30, 2017 at 4:48 pm #148804

            A picture is worth 1000 words – Patchs issued 11/29/and 11/30

            Screen-Shot-2017-11-30-at-4.46.52-PM

            Reply | Quote
            • b
              AskWoody_MVP
              November 30, 2017 at 10:28 pm #148850

              Same update number and content link?

              If you really think that second fix is a fix for that first fix, then I have bridge to sell you.

              Apple had apparently known about this very serious flaw for weeks and did nothing: Not a quick fix at all, until bad publicity snowballed.

              Reply | Quote
    Viewing 8 reply threads
    Reply To: How quickly — and thoroughly — does Apple fix macOS security holes?

    You can use BBCodes to format your content.
    Your account can't use all available BBCodes, they will be stripped before saving.

    Your information:




DON'T MISS OUT!
Subscribe to the Free Newsletter
We promise not to spam you. Unsubscribe at any time.
Invalid email address

View the Forum

  • Recent Replies
  • My Replies
  • My Active Topics
  • New Posts in the Last day
  • Private Messages
  • Knowledge Base
  • How to use the Forums
  • All Forums

    • Recent Topics

    My Profile

    June 2025
    S M T W T F S
    1234567
    891011121314
    15161718192021
    22232425262728
    2930  

    Remembering Woody

     

    Want to Advertise in the free newsletter? How about a gift subscription in honor of a birthday? Send an email to sb@askwoody.com to ask how.

    Mastodon profile for DefConPatch
    Mastodon profile for AskWoody

     

    Home About FAQ Posts & Privacy Forums My Account
    Register Free Newsletter Plus Membership Gift Certificates MS-DEFCON Alerts

    Copyright ©2004-2025 by AskWoody Tech LLC. All Rights Reserved.