Are you running macOS 10.13? If you're running the beta of 10.13.2, it probably won't show up. The patch is not for 10.13.2, it's for 10.13.1.
On a side note...when you just say the update isn't showing up that's not helpful. You need to say what you're running and any other specifics that could help someone help you. That way, I don't have to ask the question above. That's like someone posting a helpdesk ticket saying there's a computer broken in the lab. Thanks! There's 30 computers in the lab and you didn't specify what one, what didn't work, etc.
Things have gotten to a sad state in the Apple Software Group when people finding bugs are saying screw the traditional 24 or 48 hour early warning before going public, Apple will just fart around and take their sweet time and/or just flat lie that they know nothing about it. Now the new norm is to publish the bug far and wide and encourage every media outlet to pick it up. Apparently the feeling is that Apple now only moves out quickly (with a fix) when publicly embarrassed instead of doing it because hundreds of thousands of their users could be harmed.
Once doesn't make a new normal - it's just as likely the originator was simply ignorant of disclosure best practice.
Well done Apple for patching so quickly - the vuln was there on my install.
No, it was not. Apple refuses to read their own users' forums. If they would have read them, they'd have known about this severe bug at least two weeks ago, as you can read here:
https://forums.developer.apple.com/thread/79235 Just browse to November 13th, and read the post written by chethan177.
Their excuse that they only got to know about this issue this Tuesday afternoon is just lame IMHO.
If the problem wasn’t submitted as a bug report then I’m not surprised they didn’t know about it. That’s how this stuff is usually done, rather than having engineers watching forums all day long looking for problems.
Watching developer forums is in fact part of the job description of some engineers. And if they aren’t watched - they should be. So should some external forums.
Question... after the patch to close the vulnerability is applied, and going forward... should the steps, in https://support.apple.com/en-us/HT204012, to change the root user's password always be followed each time you set up a new Mac - like as a best practice? Or is that unnecessary?
I'm not clear on if the only thing that's been fixed by the security update is that the root account has been disabled again by default, or if the password has also been set to some internal-to-Apple secret.
Considering that it's traditionally a best practice to change the admin or root password of any computer OS, router, etc. during initial setup, the article read like it's telling customers and Enterprises to always change this password, or detailing the consequences of changing / not changing it during initial setup.
Anyone not changing a default root/admin password is asking for trouble, not sure why anyone would not do that as it's been a standard practice for 30 years (at least in my circle).
Enabling Root is not one of those best practices in macOS. Apple suggests using the sudo command in Terminal instead of enabling root.
Pretty stunning turnaround time for a company worth almost a trillion dollars with hundreds of millions of users.
What is stunning is how a company with such resources missed this.
Totally agree. The fact that they issued a patch so quickly makes me suspect they did know about it before the general public and were already working on a patch.
Has anyone noticed any problems?
I've just applied the update to three Macs, and now can't "map" a drive between any of them (Finder, Command-K, Browse, Connect As) - the dialog box just shakes when I enter the credentials (Registered user).
This is happening in all permutations between these Macs.
I've even restarted all three (and found that it finishes the installation), but still the same.
Could be coincidental, but I've never experienced this before.
Pretty stunning turnaround time for a company worth almost a trillion dollars with hundreds of millions of users.
What is stunning is how a company with such resources missed this.
It's stunning how people just shit-talk while not knowing how things work...
I wish I could give your comment about 1000 likes. So many experts here telling us how Apple should have handled this, why they should have caught this, how they should have handled it. When this story broke yesterday the experts here couldn’t even agree what was happening, much less explain it properly. They argued about how to temporarily close the hole until a patch was released, accusing each other of being wrong. We had all manner of shit-talk going on about something no one knew anything about. And that’s why I never take anonymous experts’ advice for any reason.
And it’s over. Everybody got their shots in against Apple, spewed their vitriol and venom, predicted gloom and doom, pontificated till the cows came home. We now return you to our regularly scheduled program of pissing and moaning about something else Apple has or has not done.
Just because it was posted on an Apple forum, doesn't mean Apple knew about this issue. I see nowhere in the early part of the thread where someone said they notified Apple of the issue.
Agreed. Almost every company provides a dedicated address for reporting product security issues. For Apple it is [email protected]. Additionally, any product security issue found in any product from any vendor can be reported through US-CERT. User forums are definitely not the best place for reporting security issues.
At the end of Apple's Security Update page (https://support.apple.com/en-us/HT208315), it states "If you require the root user account on your Mac, you will need to re-enable the root user and change the root user's password after this update."
Hope the patch to the patch doesn't break something else.