Apple vulnerability: root login without password possible

Discussion in 'Frontpage news' started by Hilbert Hagedoorn, Nov 29, 2017.

  1. Hilbert Hagedoorn

    Hilbert Hagedoorn Don Vito Corleone Staff Member

    Messages:
    36,841
    Likes Received:
    5,928
    GPU:
    AMD | NVIDIA
  2. sverek

    sverek Ancient Guru

    Messages:
    5,533
    Likes Received:
    2,387
    GPU:
    NOVIDIA -0.5GB
    Its just a backdoor for stupid FBI. Nothing to see here.
     
    Neo Cyrus and xIcarus like this.
  3. airbud7

    airbud7 Ancient Guru

    Messages:
    7,664
    Likes Received:
    4,446
    GPU:
    pny gtx 1060 xlr8
    First 2 threads I read this morning...how to steal Mercedes and hack a mac!

    God I love this site...:D
     
    sverek, xIcarus and rl66 like this.
  4. rl66

    rl66 Ancient Guru

    Messages:
    2,255
    Likes Received:
    159
    GPU:
    quadro K6000+Tesla M2090
    Even more when the new mercedes pick up is a dacia/renault/nissan in desguise.

    It is nice to see more people exploring Mac's security fail.
    Apple have tried so many time the famous jedi trick on consumer:
    "this is not the droid we are searching for"... oups i mean "your mac can't be hacked and is invulnerable to virus"
     

  5. CrazY_Milojko

    CrazY_Milojko Ancient Guru

    Messages:
    1,982
    Likes Received:
    271
    GPU:
    GTX760 270X GTX970
    This is a freaking nightmare for admins...

    Situation today after some random kid came home from school:
    mom: "...hi dear, anything new at school today..."
    kid: "...meh, nothing much... got few A's... owned few apples..."
    mom: "...good boy! hope they tasted good..."
    kid: "...oh well... forget it mom..."
     
  6. Prince Valiant

    Prince Valiant Master Guru

    Messages:
    698
    Likes Received:
    60
    GPU:
    EVGA GTX 1080 ti
    Gold star for security, Apple.
     
  7. Fender178

    Fender178 Ancient Guru

    Messages:
    3,807
    Likes Received:
    105
    GPU:
    GTX 1070 | GTX 1060
    Way to go Apple. Makes me wonder if there is a similar vulnerability in Linux as well since Mac OS and Linux share some similarities. Also make me wonder on how long it will take Apple to fix this because in the past Apple is known for taking their sweet time to fix stuff like this.
     
    rl66 likes this.
  8. schmidtbag

    schmidtbag Ancient Guru

    Messages:
    4,641
    Likes Received:
    1,471
    GPU:
    HIS R9 290
    This sounds oddly familiar. I swear I've heard about this before many years ago.

    The word "similar" is accurate and important to distinguish, because they are not the same. Mac is loosely derived from BSD, while Linux was built from the ground-up having very little shared code. That being said, though Linux pretty much has no chance of having this problem, FreeBSD isn't 0%. Though, I'm confident any BSD variant is fine; this is probably just a downstream Mac problem.

    It's kind of like comparing humans to chimpanzees - we share a lot of the same DNA and both are primates, but that's pretty much where the similarities end.
     
  9. Fender178

    Fender178 Ancient Guru

    Messages:
    3,807
    Likes Received:
    105
    GPU:
    GTX 1070 | GTX 1060
    Ah I get ya. Very different code between the two OSes. They share some similarities like the login to install a program but thats a Unix thing I think.
     
  10. schmidtbag

    schmidtbag Ancient Guru

    Messages:
    4,641
    Likes Received:
    1,471
    GPU:
    HIS R9 290
    They're similar in the sense that they have the same core functionality, low-level tools, and principles, but they're different because they are developed independently and to my knowledge, very little of their code has ever mixed.
    But yeah, in pretty much all Unix-like OSes, you need to be root to have write access to anything that isn't in your home folder, and that includes installing things. For things like flash drives, the system needs to be configured to permit non-root access (but for most systems, that's a default behavior). It's stuff like this why these OSes are inherently more secure than Windows.
     

  11. heffeque

    heffeque Ancient Guru

    Messages:
    3,947
    Likes Received:
    32
    GPU:
    nVidia MX150
    Just wanted to comment that it has already been fixed.
     
  12. bigfutus

    bigfutus Master Guru

    Messages:
    523
    Likes Received:
    43
    GPU:
    MSI GTX 1080 Ti
    It's not a bug, it's a feature. Forgot your password? Just log in as root.
     
    sammarbella, schmidtbag and rl66 like this.
  13. rl66

    rl66 Ancient Guru

    Messages:
    2,255
    Likes Received:
    159
    GPU:
    quadro K6000+Tesla M2090
    iOS is based on UNIX wich is not exactly a Linux.
    Based doesn't mean share everything and iOS forked long ago, when screen where CRT and madona where a young teen, i don't think it is due to the UNIX part :)

    Also every OS have vulnerabilities, Apple was thinking that they are the exeption until people start to play with their OS... i think this is the main issue for iOS.

    Anyway as said previously it is still more secured than Windows :)
     
  14. Kaarme

    Kaarme Ancient Guru

    Messages:
    1,758
    Likes Received:
    507
    GPU:
    Sapphire 390
    Apparently Apple issued a statement expressing regret about this flaw. Apple did. Apple admitted it did something wrong. Steve Jobs will crawl up from his grave very soon to reeducate the people leading Apple these days. They have clearly forgotten that Apple never makes mistakes. Mortals of limited intellect merely cannot always understand Apple's intentions.
     
  15. schmidtbag

    schmidtbag Ancient Guru

    Messages:
    4,641
    Likes Received:
    1,471
    GPU:
    HIS R9 290
    I'm not sure if this is sarcastic or not, because though Jobs was the idea person, he also nearly ran Apple into the ground, he struggled to see eye to eye with people, and he was a pretty awful person.
     

  16. Kaarme

    Kaarme Ancient Guru

    Messages:
    1,758
    Likes Received:
    507
    GPU:
    Sapphire 390
    That's what I was trying to say.
     

Share This Page