Author Topic: TidBITS: High Sierra Bug Provides Full Root Access!!!  (Read 353 times)

xairbusdriver

  • Storm
  • *****
  • Posts: 2042
    • EW7115 (E7115)
    • KTNGERMA20
    • Mid-South Weather
  • Station Details: Davis VP2 wireless + remote Anemometer/2014 Mac min - 10.13.4/WC 3.0
TidBITS: High Sierra Bug Provides Full Root Access!!!
« on: November 29, 2017, 12:17:22 AM »
If you've updated your OS, you should read this.
Expect a Security Update immediately, if not sooner! [banghead]

Weatheraardvark

  • Strong Breeze
  • ***
  • Posts: 244
    • C0005
    • KIADESMI1
    • Des Moines Weather and Climate
  • Station Details: Davis VP2 Plus, is that better?
Re: TidBITS: High Sierra Bug Provides Full Root Access!!!
« Reply #1 on: November 29, 2017, 04:53:17 AM »
Well that isn't fun.  I will await the update.

I did make the mistake of asking on the Apple community forum anything about the APFS for Fusion drives.  Oh man, one guy got so angry that I should ask for a time frame.

Davis VP2 Plus; 24h  FARS; Extra Temp Humid sensor (2); Extra Temp Station (2); Soil Moisture/Temp Station;Weatherlink IP;USB; MAC Sierra; Bloomsky Sky 2; https://map.bloomsky.com/weather-stations/faBiuZWsnpW6n6il

xairbusdriver

Re: TidBITS: High Sierra Bug Provides Full Root Access!!!
« Reply #2 on: November 29, 2017, 02:39:00 PM »
"one guy got so angry that I should ask for a time frame." Some Mac Fans are pretty thin-skinned. I've drunk the 'kool-aid' since the Apple ][, but I still think things have changed for the worse at the company. Things like this problem are simply inexcusable, in my humble opinion.

They obviously have smart people building and testing changes and updates. Maybe they should hire some 'people-on-the-street', with absolutely no computer experience, and let them 'play' with each OS/app they upgrade.
    "Smart people won't leave their Root password empty."
    "Smarter people will try using a blank password to see if it works."
[banghead] [rolleyes2]

This security hole is now all over the web. If you have macOS High Sierra installed, you should immediately follow the instructions for bandaging this problem. Even Cocktail's dev has emailed instructions. [tup]

Weatheraardvark

Re: TidBITS: High Sierra Bug Provides Full Root Access!!!
« Reply #3 on: November 29, 2017, 02:40:40 PM »
"one guy got so angry that I should ask for a time frame." Some Mac Fans are pretty thin-skinned. I've drunk the 'kool-aid' since the Apple ][, but I still think things have changed for the worse at the company. Things like this problem are simply inexcusable, in my humble opinion.

They obviously have smart people building and testing changes and updates. Maybe they should hire some 'people-on-the-street', with absolutely no computer experience, and let them 'play' with each OS/app they upgrade.
    "Smart people won't leave their Root password empty."
    "Smarter people will try using a blank password to see if it works."
[banghead] [rolleyes2]

I agree fully.   Geeks do not make great testers.

xairbusdriver

Re: TidBITS: High Sierra Bug Provides Full Root Access!!!
« Reply #4 on: November 29, 2017, 07:01:55 PM »
As expected, the ‘fix’ is in. If you already have 10.3, you can get the corrected version. Anyone downloading now will automatically get the updated version. Cocktail users also can change their Root password with that app.

elagache

  • Global Moderator
  • Storm
  • *****
  • Posts: 4775
    • DW3835
    • KCAORIND10
    • Canebas Weather
  • Station Details: Davis Vantage Pro-2, MacBook Pro (Early 2011)
*Heavy sigh* . . . (Re: TidBITS: High Sierra Bug Provides Full Root Access!!!)
« Reply #5 on: November 29, 2017, 11:19:23 PM »
Dear X-Air, Weatheraardvark, and Apple old-timers,

If you've updated your OS, you should read this.
Expect a Security Update immediately, if not sooner! [banghead]

 :( . . . . . Repeat after me, . . . . "Oh how I miss Steve Jobs!" . . . . .

Edouard  :(

Weatheraardvark

Re: TidBITS: High Sierra Bug Provides Full Root Access!!!
« Reply #6 on: November 29, 2017, 11:51:16 PM »
I installed the update in mine and the wife's MacBook. And the beat goes on... lol

xairbusdriver

Re: TidBITS: High Sierra Bug Provides Full Root Access!!!
« Reply #7 on: November 30, 2017, 08:34:44 PM »
 [banghead]

First "security update breaks file sharing"! That has also been fixed. The easy way of knowing if you have the second (and hopefully last) fix is to check the "build" number that is after the Version number. If your build number is 17B1002, Software Update should offer you the update again. The build number you want is 17B1003.

If you haven't updated High Sierra yet, please do so now. [computer]

This would be a great week to be on vacation at Apple... just be careful that you don't trip over the rolling heads when you return! [spin]