Thread started 29 Nov 2017 (Wednesday) 10:50
High Sierra security update

 
digital paradise
Cream of the Crop
12,246 posts
Gallery: 9 photos
Joined Oct 2009
Nov 29, 2017 10:50 |  #1

Someone discovered a bug that allows anyone to log in as root (i.e., the superuser who owns the machine) without a password.

This really only affects multiple users and networks but there is a security update today to fix that.


BigAl007
Cream of the Crop
Joined Dec 2010
Repps cum Bastwick, Gt Yarmouth, Norfolk, UK.
Dec 03, 2017 02:30 |  #2

Actually that affects any machine at any time while it is connected to the internet. You can usually log on to Unix based systems from anywhere. OSX is based on BSD, an open source Unix like clone, similar to Linux.

Root access is the holy grail of hacking, since once you have Root access you have full administrative control of the machine. Having unsecured Root access is as bad as it can get.

Alan


digital paradise
THREAD STARTER
Dec 03, 2017 07:13 |  #3

Wasn't aware of that. Thanks for the info.


AZGeorge
Goldmember
Joined Dec 2010
Southern Arizona
Dec 03, 2017 12:22 |  #4

BigAl007 wrote in post #18509313:
Actually that affects any machine at any time while it is connected to the internet. You can usually log on to Unix based systems from anywhere. OSX is based on BSD, an open source Unix like clone, similar to Linux.

Root access is the holy grail of hacking, since once you have Root access you have full administrative control of the machine. Having unsecured Root access is as bad as it can get.

Alan

Yes, what Alan says.

Apparently the default High Sierra has root disabled and there is no password so the exploit only needs to enable root. This is not good!

Even when the account is not in use, root should have a good password.


George
Democracy Dies in Darkness

digital paradise
THREAD STARTER
Dec 03, 2017 13:07 |  #5

I'm a little confused because I know very little about this stuff. I installed the update the other day but now I'm reading this. I see no other updates since about 3 days ago.

https://www.macrumors.com ...ot-fix-reinstall-10-13-1/

Here is a thread about more on this.

https://www.dpreview.com/forums/post/60455822


BigAl007
Dec 03, 2017 13:27 |  #6

digital paradise wrote in post #18509662:
I'm a little confused because I know very little about this stuff. I installed the update the other day but now I'm reading this. I see no other updates since about 3 days ago.

https://www.macrumors.com ...ot-fix-reinstall-10-13-1/

Here is a thread about more on this.

https://www.dpreview.com/forums/post/60455822


Looking at the first link it looks as if, if you are running 10.13 and installed the fix, you will need to install the fix again, along with a reboot when moving to 10.13.1. If it were me I would check my version number, and if I were on 10.13.1 I would run that security fix again and reboot my system, just to be sure. It looks like Apple have a correctly fixed version in the pipeline, 10.13.2 that should solve these problems correctly.

It seems a pretty serious screw up to release a point update that reinstalls the original problem.

Me I run Windows, and the only Apple computer I have ever owned was a IIe.

Alan


digital paradise
THREAD STARTER
Dec 03, 2017 13:33 |  #7

Yes I'm on 10.13.1 in both machines. I made sure they both were on that 3 days ago when I updated. Nothing there today and there is no way to re-install anything so figure I'll just wait until Apple does a formal update.

Thank You again.


BigAl007
Dec 04, 2017 05:11 |  #8

digital paradise wrote in post #18509684:
Yes I'm on 10.13.1 in both machines. I made sure they both were on that 3 days ago when I updated. Nothing there today and there is no way to re-install anything so figure I'll just wait until Apple does a formal update.

Thank You again.

Personally I would not simply wait, I would go here: https://support.apple.com/en-us/HT208315 and follow the procedure outlined on that page. It will allow you to check if your machines have had the correct security patches installed or not. I would not wait, having open Root access on your machines allows anyone access that will allow them to read and/or write any and all data to and from ALL user accounts. This is really important if you use the computers to make any sort of financial transactions, because not only can hackers get access to that information, they can even use your hardware to make transactions. This vulnerability gives criminals who want to exploit it unlimited access to your computer.

And good luck in proving that it wasn't you executing those money transfers, should anything go wrong.

Although I might not use OSX, I have had enough experience using Unix, and clones, to know just how bad uncontrolled Root access on a system is.

Alan


digital paradise
THREAD STARTER
Dec 04, 2017 08:42 |  #9

Thanks Alan. Woke up to this and followed the procedure. Everything looks good on both the System Report and Terminal app.

