Apple vulnerability: root login without password possible

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, Nov 29, 2017.

  1. Hilbert Hagedoorn

    Hilbert Hagedoorn Don Vito Corleone Staff Member

    Messages:
    48,400
    Likes Received:
    18,595
    GPU:
    AMD | NVIDIA
  2. sverek

    sverek Guest

    Messages:
    6,069
    Likes Received:
    2,975
    GPU:
    NOVIDIA -0.5GB
    Its just a backdoor for stupid FBI. Nothing to see here.
     
    Neo Cyrus and xIcarus like this.
  3. airbud7

    airbud7 Guest

    Messages:
    7,833
    Likes Received:
    4,797
    GPU:
    pny gtx 1060 xlr8
    First 2 threads I read this morning...how to steal Mercedes and hack a mac!

    God I love this site...:D
     
    sverek, xIcarus and rl66 like this.
  4. rl66

    rl66 Ancient Guru

    Messages:
    3,924
    Likes Received:
    839
    GPU:
    Sapphire RX 6700 XT
    Even more when the new mercedes pick up is a dacia/renault/nissan in desguise.

    It is nice to see more people exploring Mac's security fail.
    Apple have tried so many time the famous jedi trick on consumer:
    "this is not the droid we are searching for"... oups i mean "your mac can't be hacked and is invulnerable to virus"
     

  5. CrazY_Milojko

    CrazY_Milojko Ancient Guru

    Messages:
    2,683
    Likes Received:
    1,611
    GPU:
    Asus STRIX 1070 OC
    This is a freaking nightmare for admins...

    Situation today after some random kid came home from school:
    mom: "...hi dear, anything new at school today..."
    kid: "...meh, nothing much... got few A's... owned few apples..."
    mom: "...good boy! hope they tasted good..."
    kid: "...oh well... forget it mom..."
     
  6. Prince Valiant

    Prince Valiant Master Guru

    Messages:
    819
    Likes Received:
    146
    GPU:
    EVGA GTX 1080 ti
    Gold star for security, Apple.
     
  7. Fender178

    Fender178 Ancient Guru

    Messages:
    4,194
    Likes Received:
    213
    GPU:
    GTX 1070 | GTX 1060
    Way to go Apple. Makes me wonder if there is a similar vulnerability in Linux as well since Mac OS and Linux share some similarities. Also make me wonder on how long it will take Apple to fix this because in the past Apple is known for taking their sweet time to fix stuff like this.
     
    rl66 likes this.
  8. schmidtbag

    schmidtbag Ancient Guru

    Messages:
    7,976
    Likes Received:
    4,342
    GPU:
    Asrock 7700XT
    This sounds oddly familiar. I swear I've heard about this before many years ago.

    The word "similar" is accurate and important to distinguish, because they are not the same. Mac is loosely derived from BSD, while Linux was built from the ground-up having very little shared code. That being said, though Linux pretty much has no chance of having this problem, FreeBSD isn't 0%. Though, I'm confident any BSD variant is fine; this is probably just a downstream Mac problem.

    It's kind of like comparing humans to chimpanzees - we share a lot of the same DNA and both are primates, but that's pretty much where the similarities end.
     
  9. Fender178

    Fender178 Ancient Guru

    Messages:
    4,194
    Likes Received:
    213
    GPU:
    GTX 1070 | GTX 1060
    Ah I get ya. Very different code between the two OSes. They share some similarities like the login to install a program but thats a Unix thing I think.
     
  10. schmidtbag

    schmidtbag Ancient Guru

    Messages:
    7,976
    Likes Received:
    4,342
    GPU:
    Asrock 7700XT
    They're similar in the sense that they have the same core functionality, low-level tools, and principles, but they're different because they are developed independently and to my knowledge, very little of their code has ever mixed.
    But yeah, in pretty much all Unix-like OSes, you need to be root to have write access to anything that isn't in your home folder, and that includes installing things. For things like flash drives, the system needs to be configured to permit non-root access (but for most systems, that's a default behavior). It's stuff like this why these OSes are inherently more secure than Windows.
     

  11. heffeque

    heffeque Ancient Guru

    Messages:
    4,422
    Likes Received:
    205
    GPU:
    nVidia MX150
    Just wanted to comment that it has already been fixed.
     
  12. bigfutus

    bigfutus Master Guru

    Messages:
    535
    Likes Received:
    59
    GPU:
    MSI 3080 VENTUS 10G
    It's not a bug, it's a feature. Forgot your password? Just log in as root.
     
    sammarbella, schmidtbag and rl66 like this.
  13. rl66

    rl66 Ancient Guru

    Messages:
    3,924
    Likes Received:
    839
    GPU:
    Sapphire RX 6700 XT
    iOS is based on UNIX wich is not exactly a Linux.
    Based doesn't mean share everything and iOS forked long ago, when screen where CRT and madona where a young teen, i don't think it is due to the UNIX part :)

    Also every OS have vulnerabilities, Apple was thinking that they are the exeption until people start to play with their OS... i think this is the main issue for iOS.

    Anyway as said previously it is still more secured than Windows :)
     
  14. Kaarme

    Kaarme Ancient Guru

    Messages:
    3,513
    Likes Received:
    2,355
    GPU:
    Nvidia 4070 FE
    Apparently Apple issued a statement expressing regret about this flaw. Apple did. Apple admitted it did something wrong. Steve Jobs will crawl up from his grave very soon to reeducate the people leading Apple these days. They have clearly forgotten that Apple never makes mistakes. Mortals of limited intellect merely cannot always understand Apple's intentions.
     
  15. schmidtbag

    schmidtbag Ancient Guru

    Messages:
    7,976
    Likes Received:
    4,342
    GPU:
    Asrock 7700XT
    I'm not sure if this is sarcastic or not, because though Jobs was the idea person, he also nearly ran Apple into the ground, he struggled to see eye to eye with people, and he was a pretty awful person.
     

  16. Kaarme

    Kaarme Ancient Guru

    Messages:
    3,513
    Likes Received:
    2,355
    GPU:
    Nvidia 4070 FE
    That's what I was trying to say.
     

Share This Page