Apple explains how to fix macOS High Sierra file sharing after security update breaks feat...

2»

Comments

  • Reply 21 of 31
    dewme said:
    Rayz2016 said:
    Reposting this here because I think it’s important.  

    http://www.bbc.co.uk/news/technology-42174168

    Apple’s apology for the original snafu. 
    Good to see Apple openly admitting that it stumbled and made a mistake, which it has now corrected.

    The whole disclosure thing, however, still leaves me feeling cold about current manifestations of human nature and the depths to which they have sunk in terms of respect, consideration, and empathy.

    Imagine for a moment that you innocently stumbled upon the fact that the back door of a retail store, say an audio-video store selling big screen TVs, had a broken lock on the back door that the owner didn't know about. Upon closer examination you found that the broken lock would allow you to enter into the storage area of the store and make off with anything in the store's inventory while being completely undetected. Would you:

    a. Help yourself to whatever you want in the store's storage area.
    b. Call all of your friends and tell them know about the broken door lock and potential availability of free stuff for easy pickings.
    c. Talk to the store owner and let him or her know what you've stumbled upon.

    The person who discovered the root flaw decided answer "b" was the right one in this case. I'm sorry, but this doesn't sit well with me. Maybe our current culture has devolved into one where screwing everyone who's not YOU is standard operating procedure, but it still isn't right. Whether it's some small time business owner just trying to get by or a multinational company supporting millions of jobs, families, and shareholders, practicing a tiny bit of consideration for once wouldn't kill the guy. Sure, his good deed would go unnoticed compared to the notoriety he's getting now, but so what. 
    Very well said. For me, there was a huge dollop of “Now’s a chance to make a name for myself” at the heart of this.
  • Reply 22 of 31
    docno42docno42 Posts: 3,755member
    dewme said:
    The whole disclosure thing, however, still leaves me feeling cold about current manifestations of human nature and the depths to which they have sunk in terms of respect, consideration, and empathy.
    Indeed.  Some other very good thoughts on the subject: https://danielmiessler.com/blog/responsible-disclosure-responsible-behavior/
  • Reply 23 of 31
    macxpress said:
    hentaiboy said:
    Running 10.13 here and the patch isn't available. So unless I updated to 10.13.1 in order to take advantage of 'mythical creatures and more expressive smiley faces' I would never know I had an issue  :/
    This is why you should be keeping your system(s) updated. 
    “macOS: Come for the mythical creatures and more expressive smiley faces, stay for the security patches.”
  • Reply 24 of 31
    dewmedewme Posts: 5,332member
    docno42 said:
    dewme said:
    The whole disclosure thing, however, still leaves me feeling cold about current manifestations of human nature and the depths to which they have sunk in terms of respect, consideration, and empathy.
    Indeed.  Some other very good thoughts on the subject: https://danielmiessler.com/blog/responsible-disclosure-responsible-behavior/
    Great blog, bookmarked. Thanks!
  • Reply 25 of 31
    vikranttvikrantt Posts: 1unconfirmed, member
    This update keeps coming back in my appstore. It is weird . I have seen it on two computers. And it also increments the build number by 1 everytime.
    edited November 2017
  • Reply 26 of 31
    dysamoriadysamoria Posts: 3,430member
    I posted on the forum before the patch yesterday that Apple couldn’t create a patch so quickly without doing proper Q.A (which potentially could break other features).

    And here we are.
    i was expecting this to be a lame "finger in hole" solution, rather than a design mistake correction or a bug repair. Makes me wonder if they're going to properly fix it in a later edition.
  • Reply 27 of 31
    dysamoriadysamoria Posts: 3,430member

    macxpress said:
    hentaiboy said:
    Running 10.13 here and the patch isn't available. So unless I updated to 10.13.1 in order to take advantage of 'mythical creatures and more expressive smiley faces' I would never know I had an issue  :/
    This is why you should be keeping your system(s) updated. 
    Updates are what brought this flaw to users in the first place.
  • Reply 28 of 31
    macxpress said:
    Wait for it....wait for it....Tim Cook needs to be fired!!! 

    fahlman said:
    This wouldn't happen if Steve was still alive.

    Doomed, I say, doomed...

    Apple should just shut the place down and return the money to investors.
    SpamSandwich
  • Reply 29 of 31
    dagaz said:
    kevin kee said:
    Excellent. Oh wait, I didn't even have any issue with root user bug, why should I install this patch. Silly.
    @Kevin Kee - you do realise that this bug allows anyone who has physical access to your computer to log in as root (higher than Admin privileges) without a password. Also, if you have file sharing turned on anyone can then access your computer as root. This is the most serious bug I've ever heard of on an Apple device, glad to see Apple were on the ball and released a fix quickly
    @dagaz Apple was most definitely not "on the ball." According to reports, this bug was in the wild for at least several weeks, if not months, and had been discussed publicly on forums. Apple only noticed there was a problem or took it seriously when researchers went to the press this week.

    Anyone paying attention to Apple software releases in recent years will have concluded by now that their QA & testing process is totally broken. After this security hole, perhaps the next most memorable facepalm moment was when Apple released an iOS update that prevented you from making phone calls on your iPhone.

    Some people at Apple definitely know what they're doing, but the company as a whole keeps dropping the ball when it comes to their software. As a result, I think it's wise to use as little Apple software and services on your Mac as possible, and take proper precautions to lock your Mac down – don't trust their often-vaunted security, because it seems to be mostly marketing.
    edited December 2017
  • Reply 30 of 31
    jongrall said:
    dagaz said:
    kevin kee said:
    Excellent. Oh wait, I didn't even have any issue with root user bug, why should I install this patch. Silly.
    @Kevin Kee - you do realise that this bug allows anyone who has physical access to your computer to log in as root (higher than Admin privileges) without a password. Also, if you have file sharing turned on anyone can then access your computer as root. This is the most serious bug I've ever heard of on an Apple device, glad to see Apple were on the ball and released a fix quickly
    @dagaz Apple was most definitely not "on the ball." According to reports, this bug was in the wild for at least several weeks, if not months, and had been discussed publicly on forums. Apple only noticed there was a problem or took it seriously when researchers went to the press this week.

    Anyone paying attention to Apple software releases in recent years will have concluded by now that their QA & testing process is totally broken. After this security hole, perhaps the next most memorable facepalm moment was when Apple released an iOS update that prevented you from making phone calls on your iPhone.

    Some people at Apple definitely know what they're doing, but the company as a whole keeps dropping the ball when it comes to their software. As a result, I think it's wise to use as little Apple software and services on your Mac as possible, and take proper precautions to lock your Mac down – don't trust their often-vaunted security, because it seems to be mostly marketing.
    No matter what one's personal views are on Apple, it must be admitted that this was a really bad thing to let happen for macOS. Even if the ability to exploit this were limited to someone being right there with the computer in question, it's a black mark against Apple's quality assurance processes.
  • Reply 31 of 31
    cowycowy Posts: 17member
    Lived in the fantasy that MacOS is the safest system, and lost my awareness for some time, good to see such action.
Sign In or Register to comment.