Someone at Apple has really fucked up

Someone at Apple forgot to change default root password from (blank) before release.
I mean if you get paid for doing your job, you should at least do it properly

Other urls found in this thread:

wired.com/story/macos-update-undoes-apple-root-bug-patch/
twitter.com/SFWRedditImages

this is already fixed baka, they fixed it less than a day after it was discovered

It was likely a slave trying to cause chaos in the dungeons so he could slip away unnoticed.

I think they did it on purpose so their friends in China could hack people with it

That wasn't the bug, root is deactivated by default but their was a bug that activated it when you tried to log in as root.
It was actually discovered weeks ago on their developer forum but no one noticed.

The point that everybody is trying to ignore is that the "bug" is available only if you are in possession of the Mac and are logged in.
In that case any computer "belongs" to whoever is in possession of it. Windows, Linux or Mac - it's all the same.

so that's what those very important security updates were about lmao

>logged in
no it worked from the log in screen. on windows you can normally just liveboot, access all unencrypted files, and try to crack the passwords but it's not as easy as just typing root.

>worked from the log in screen
Source? Every instance I have seen them do it from the Settings app.

That's not how it worked.

Umm buddy, you can just hold CMD+S and then you'll boot in single user mode. Linux has that feature, too.

If someone has physical access to the computer, you're doomed. This was a fucking stupid bug and apple sure has lots of those lately, but it doesn't let you do anything you couldn't already do with physical access to the machine.

It worked through remote desktop.

Sure, but if you give a hostile person remote access to your machine, you're already screwed, root or not.
Without root, all your personal files get deleted. With root, all your files and the OS get deleted.

you can just download a password change live-cd and blank the password on any account on windows that's unencrypted. it's that easy, the security is literally a joke.

Apple doesn't care
I've seen mactoddlers denying it's even an issue

>I t-tried it once and it didn't work so you are lying

Instructions explicitly say twice.

>applel

>Apple doesn't care
>was already patched days before this thread was made

*blocks your path*
wired.com/story/macos-update-undoes-apple-root-bug-patch/

Nothing personal, kid.

That's not how it worked.

In short, the bug was that the root account is disabled by default, for some reason that dialog would enable the account and set the password to whatever you set, i.e. blank.

>the bug was that the root account is disabled by default, for some reason that dialog would enable the account and set the password to whatever you set, i.e. blank.
#JustApplelThings

MACTODDLERS BTFO

Jesus that's worse than I thought.

Right up there with that checking the hint box showing you the encrypted volume's password.

>Without root, all your personal files get deleted.
nope. try harder

>Umm buddy, you can just hold CMD+S and then you'll boot in single user mode. Linux has that feature, too.
>If someone has physical access to the computer, you're doomed. This was a fucking stupid bug and apple sure has lots of those lately, but it doesn't let you do anything you couldn't already do with physical access to the machine.
It's 2017, all machines that matter are encrypted.

They also recently had an issue where the password was displayed in plain text instead of the password hint. They also had a vulnerability awhile back where the filevault password was in plain text in unencrypted logs because some retard shipped debug binaries instead of release binaries. Apple is shit and should never be trusted with anything related to security/privacy.

If you give any shits about security, you always encrypt.

Haha holy shit